From 07fa00f9d9f4bcedc2289680b6d39f9b0815f577 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 8 Sep 2015 01:17:15 +0200
Subject: nspawn: properly propagate errors when we fail to set soemthing up

---
 src/nspawn/nspawn.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index ff8539397f..8cd3cbc620 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2727,12 +2727,14 @@ static int outer_child(
         if (r < 0)
                 return r;
 
-        if (copy_devnodes(directory) < 0)
+        r = copy_devnodes(directory);
+        if (r < 0)
                 return r;
 
         dev_setup(directory, arg_uid_shift, arg_uid_shift);
 
-        if (setup_pts(directory) < 0)
+        r = setup_pts(directory);
+        if (r < 0)
                 return r;
 
         r = setup_propagate(directory);
-- 
cgit v1.2.3-54-g00ecf


From 4610de5022f4af31dbe86d244c272426dffd9fd8 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 8 Sep 2015 01:17:47 +0200
Subject: inspawn: switch from SOCK_DGRAM to SOCK_SEQPACKET for internal
 socketpairs

SOCK_DGRAM and SOCK_SEQPACKET have very similar semantics when used with
socketpair(). However, SOCK_SEQPACKET has the advantage of knowing a
hangup concept, since it is inherently connection-oriented.

Since we use socket pairs to communicate between the nspawn main process
and the nspawn child process, where the child might die abnormally it's
interesting to us to learn about this via hangups if the child side of
the pair is closed. Hence, let's switch to SOCK_SEQPACKET for these
internal communication sockets.

Fixes #956.
---
 src/nspawn/nspawn.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 8cd3cbc620..9517e41202 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3272,23 +3272,23 @@ int main(int argc, char *argv[]) {
                         goto finish;
                 }
 
-                if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, kmsg_socket_pair) < 0) {
+                if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, kmsg_socket_pair) < 0) {
                         r = log_error_errno(errno, "Failed to create kmsg socket pair: %m");
                         goto finish;
                 }
 
-                if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, rtnl_socket_pair) < 0) {
+                if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, rtnl_socket_pair) < 0) {
                         r = log_error_errno(errno, "Failed to create rtnl socket pair: %m");
                         goto finish;
                 }
 
-                if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, pid_socket_pair) < 0) {
+                if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, pid_socket_pair) < 0) {
                         r = log_error_errno(errno, "Failed to create pid socket pair: %m");
                         goto finish;
                 }
 
                 if (arg_userns)
-                        if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, uid_shift_socket_pair) < 0) {
+                        if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, uid_shift_socket_pair) < 0) {
                                 r = log_error_errno(errno, "Failed to create uid shift socket pair: %m");
                                 goto finish;
                         }
-- 
cgit v1.2.3-54-g00ecf


From 76d448820e9e6b11dbdc5778802bda6f998212b4 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 8 Sep 2015 01:22:26 +0200
Subject: nspawn: short reads do not set errno, hence don't try to print it

---
 src/nspawn/nspawn.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 9517e41202..ad383e876c 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3377,7 +3377,7 @@ int main(int argc, char *argv[]) {
                         goto finish;
                 }
                 if (l != sizeof(pid)) {
-                        log_error("Short read while reading inner child PID: %m");
+                        log_error("Short read while reading inner child PID.");
                         r = EIO;
                         goto finish;
                 }
@@ -3397,7 +3397,7 @@ int main(int argc, char *argv[]) {
                                 goto finish;
                         }
                         if (l != sizeof(arg_uid_shift)) {
-                                log_error("Short read while reading UID shift: %m");
+                                log_error("Short read while reading UID shift.");
                                 r = EIO;
                                 goto finish;
                         }
-- 
cgit v1.2.3-54-g00ecf


From 82116c43298c9e638742a87072fa29176104edf4 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 8 Sep 2015 01:22:46 +0200
Subject: nspawn: also close uid shift socket in the parent

We should really close all parent sides of our child/parent socket
pairs.
---
 src/nspawn/nspawn.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index ad383e876c..33943a4b2f 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3359,6 +3359,7 @@ int main(int argc, char *argv[]) {
                 kmsg_socket_pair[1] = safe_close(kmsg_socket_pair[1]);
                 rtnl_socket_pair[1] = safe_close(rtnl_socket_pair[1]);
                 pid_socket_pair[1] = safe_close(pid_socket_pair[1]);
+                uid_shift_socket_pair[1] = safe_close(uid_shift_socket_pair[1]);
 
                 /* Wait for the outer child. */
                 r = wait_for_terminate_and_warn("namespace helper", pid, NULL);
-- 
cgit v1.2.3-54-g00ecf