1 files changed, 21 insertions, 38 deletions

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 5702df8ab4..ab93f98df4 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -50,7 +50,6 @@
 #include "base-filesystem.h"
 #include "blkid-util.h"
 #include "btrfs-util.h"
-#include "build.h"
 #include "cap-list.h"
 #include "capability.h"
 #include "cgroup-util.h"
@@ -84,12 +83,12 @@
 #include "udev-util.h"
 #include "util.h"
 
-#include "nspawn-settings.h"
+#include "nspawn-cgroup.h"
+#include "nspawn-expose-ports.h"
 #include "nspawn-mount.h"
 #include "nspawn-network.h"
-#include "nspawn-expose-ports.h"
-#include "nspawn-cgroup.h"
 #include "nspawn-register.h"
+#include "nspawn-settings.h"
 #include "nspawn-setuid.h"
 
 typedef enum ContainerStatus {
@@ -414,9 +413,7 @@ static int parse_argv(int argc, char *argv[]) {
                         return 0;
 
                 case ARG_VERSION:
-                        puts(PACKAGE_STRING);
-                        puts(SYSTEMD_FEATURES);
-                        return 0;
+                        return version();
 
                 case 'D':
                         r = set_sanitized_path(&arg_directory, optarg);
@@ -1264,16 +1261,7 @@ static int setup_dev_console(const char *dest, const char *console) {
 static int setup_kmsg(const char *dest, int kmsg_socket) {
         const char *from, *to;
         _cleanup_umask_ mode_t u;
-        int fd, k;
-        union {
-                struct cmsghdr cmsghdr;
-                uint8_t buf[CMSG_SPACE(sizeof(int))];
-        } control = {};
-        struct msghdr mh = {
-                .msg_control = &control,
-                .msg_controllen = sizeof(control),
-        };
-        struct cmsghdr *cmsg;
+        int fd, r;
 
         assert(kmsg_socket >= 0);
 
@@ -1298,21 +1286,13 @@ static int setup_kmsg(const char *dest, int kmsg_socket) {
         if (fd < 0)
                 return log_error_errno(errno, "Failed to open fifo: %m");
 
-        cmsg = CMSG_FIRSTHDR(&mh);
-        cmsg->cmsg_level = SOL_SOCKET;
-        cmsg->cmsg_type = SCM_RIGHTS;
-        cmsg->cmsg_len = CMSG_LEN(sizeof(int));
-        memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
-
-        mh.msg_controllen = cmsg->cmsg_len;
-
         /* Store away the fd in the socket, so that it stays open as
          * long as we run the child */
-        k = sendmsg(kmsg_socket, &mh, MSG_NOSIGNAL);
+        r = send_one_fd(kmsg_socket, fd, 0);
         safe_close(fd);
 
-        if (k < 0)
-                return log_error_errno(errno, "Failed to send FIFO fd: %m");
+        if (r < 0)
+                return log_error_errno(r, "Failed to send FIFO fd: %m");
 
         /* And now make the FIFO unavailable as /run/kmsg... */
         (void) unlink(from);
@@ -2299,8 +2279,6 @@ static int wait_for_container(pid_t pid, ContainerStatus *container) {
         return r;
 }
 
-static void nop_handler(int sig) {}
-
 static int on_orderly_shutdown(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
         pid_t pid;
 
@@ -2472,7 +2450,11 @@ static int inner_child(
                 }
         }
 
-        r = mount_all(NULL, true, arg_uid_shift, arg_uid_range, arg_selinux_apifs_context);
+        r = mount_all(NULL, arg_userns, true, arg_uid_shift, arg_uid_range, arg_selinux_apifs_context);
+        if (r < 0)
+                return r;
+
+        r = mount_sysfs(NULL);
         if (r < 0)
                 return r;
 
@@ -2723,7 +2705,7 @@ static int outer_child(
                         return log_error_errno(r, "Failed to make tree read-only: %m");
         }
 
-        r = mount_all(directory, false, arg_uid_shift, arg_uid_range, arg_selinux_apifs_context);
+        r = mount_all(directory, arg_userns, false, arg_uid_shift, arg_uid_range, arg_selinux_apifs_context);
         if (r < 0)
                 return r;
 
@@ -2804,6 +2786,8 @@ static int outer_child(
         }
 
         pid_socket = safe_close(pid_socket);
+        kmsg_socket = safe_close(kmsg_socket);
+        rtnl_socket = safe_close(rtnl_socket);
 
         return 0;
 }
@@ -3256,7 +3240,7 @@ int main(int argc, char *argv[]) {
                 ContainerStatus container_status;
                 _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL;
                 static const struct sigaction sa = {
-                        .sa_handler = nop_handler,
+                        .sa_handler = nop_signal_handler,
                         .sa_flags = SA_NOCLDSTOP,
                 };
                 int ifi = 0;
@@ -3353,8 +3337,7 @@ int main(int argc, char *argv[]) {
 
                 barrier_set_role(&barrier, BARRIER_PARENT);
 
-                fdset_free(fds);
-                fds = NULL;
+                fds = fdset_free(fds);
 
                 kmsg_socket_pair[1] = safe_close(kmsg_socket_pair[1]);
                 rtnl_socket_pair[1] = safe_close(rtnl_socket_pair[1]);
@@ -3489,8 +3472,8 @@ int main(int argc, char *argv[]) {
                 }
 
                 /* Let the child know that we are ready and wait that the child is completely ready now. */
-                if (!barrier_place_and_sync(&barrier)) { /* #5 */
-                        log_error("Client died too early.");
+                if (!barrier_place_and_sync(&barrier)) { /* #4 */
+                        log_error("Child died too early.");
                         r = -ESRCH;
                         goto finish;
                 }
@@ -3529,7 +3512,7 @@ int main(int argc, char *argv[]) {
 
                 rtnl_socket_pair[0] = safe_close(rtnl_socket_pair[0]);
 
-                r = pty_forward_new(event, master, true, !interactive, &forward);
+                r = pty_forward_new(event, master, PTY_FORWARD_IGNORE_VHANGUP | (interactive ? 0 : PTY_FORWARD_READ_ONLY), &forward);
                 if (r < 0) {
                         log_error_errno(r, "Failed to create PTY forwarder: %m");
                         goto finish;