From b6e953f24cadd03d461b4b886a1b6a8acdd2bb2d Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 18 Nov 2016 23:34:39 +0100 Subject: nspawn: add ability to run nspawn without container locks applied This adds a new undocumented env var $SYSTEMD_NSPAWN_LOCK. When set to "0", nspawn will not attempt to lock the image. Fixes: #4037 --- src/shared/machine-image.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'src/shared') diff --git a/src/shared/machine-image.c b/src/shared/machine-image.c index af102e3096..baf8713242 100644 --- a/src/shared/machine-image.c +++ b/src/shared/machine-image.c @@ -33,6 +33,7 @@ #include "chattr-util.h" #include "copy.h" #include "dirent-util.h" +#include "env-util.h" #include "fd-util.h" #include "fs-util.h" #include "hashmap.h" @@ -724,12 +725,17 @@ int image_path_lock(const char *path, int operation, LockFile *global, LockFile * uses the device/inode number. This has the benefit that we * can even lock a tree that is a mount point, correctly. */ - if (path_equal(path, "/")) - return -EBUSY; - if (!path_is_absolute(path)) return -EINVAL; + if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) { + *local = *global = (LockFile) LOCK_FILE_INIT; + return 0; + } + + if (path_equal(path, "/")) + return -EBUSY; + if (stat(path, &st) >= 0) { if (asprintf(&p, "/run/systemd/nspawn/locks/inode-%lu:%lu", (unsigned long) st.st_dev, (unsigned long) st.st_ino) < 0) return -ENOMEM; @@ -784,6 +790,11 @@ int image_name_lock(const char *name, int operation, LockFile *ret) { if (!image_name_is_valid(name)) return -EINVAL; + if (getenv_bool("SYSTEMD_NSPAWN_LOCK") == 0) { + *ret = (LockFile) LOCK_FILE_INIT; + return 0; + } + if (streq(name, ".host")) return -EBUSY; -- cgit v1.2.3-54-g00ecf