nspawn: don't try mknod() of /dev/console with the correct major/minor

We overmount /dev/console with an external pty anyway, hence there's no point in using the real major/minor when we create the node to overmount. Instead, use the one of /dev/null now. This fixes a race against the cgroup device controller setup we are using. In case /dev/console was create before the cgroup policy was applied all was good, but if created in the opposite order the mknod() would fail, since creating /dev/console is not allowed by it. Creating /dev/null instances is however permitted, and hence use it.
2026-03-06 15:02:31 -08:00 · 2014-03-10 21:36:01 +01:00
parent 1b9e5b1263
commit eb0f0863f5
1 changed files with 11 additions and 16 deletions
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -879,23 +879,19 @@ static int setup_ptmx(const char *dest) {
 }

 static int setup_dev_console(const char *dest, const char *console) {
-        struct stat st;
-        _cleanup_free_ char *to = NULL;
-        int r;
        _cleanup_umask_ mode_t u;
+        const char *to;
+        struct stat st;
+        int r;

        assert(dest);
        assert(console);

        u = umask(0000);

-        if (stat(console, &st) < 0) {
-                log_error("Failed to stat %s: %m", console);
+        if (stat("/dev/null", &st) < 0) {
+                log_error("Failed to stat /dev/null: %m");
                return -errno;
-
-        } else if (!S_ISCHR(st.st_mode)) {
-                log_error("/dev/console is not a char device");
-                return -EIO;
        }

        r = chmod_and_chown(console, 0600, 0, 0);
@@ -904,16 +900,15 @@ static int setup_dev_console(const char *dest, const char *console) {
                return r;
        }

-        if (asprintf(&to, "%s/dev/console", dest) < 0)
-                return log_oom();
-
        /* We need to bind mount the right tty to /dev/console since
         * ptys can only exist on pts file systems. To have something
-         * to bind mount things on we create a device node first, that
-         * has the right major/minor (note that the major minor
-         * doesn't actually matter here, since we mount it over
-         * anyway). */
+         * to bind mount things on we create a device node first, and
+         * use /dev/null for that since we the cgroups device policy
+         * allows us to create that freely, while we cannot create
+         * /dev/console. (Note that the major minor doesn't actually
+         * matter here, since we mount it over anyway). */

+        to = strappenda(dest, "/dev/console");
        if (mknod(to, (st.st_mode & ~07777) | 0600, st.st_rdev) < 0) {
                log_error("mknod() for /dev/console failed: %m");
                return -errno;