diff --git a/1089-fix-cgroup-device-controller.patch b/1089-fix-cgroup-device-controller.patch
new file mode 100644
index 0000000..cd68533
--- /dev/null
+++ b/1089-fix-cgroup-device-controller.patch
@@ -0,0 +1,74 @@
+From eb0f0863f5af48865fb4569e2076d5f9e2313995 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Mon, 10 Mar 2014 21:36:01 +0100
+Subject: nspawn: don't try mknod() of /dev/console with the correct
+ major/minor
+
+We overmount /dev/console with an external pty anyway, hence there's no
+point in using the real major/minor when we create the node to
+overmount. Instead, use the one of /dev/null now.
+
+This fixes a race against the cgroup device controller setup we are
+using. In case /dev/console was create before the cgroup policy was
+applied all was good, but if created in the opposite order the mknod()
+would fail, since creating /dev/console is not allowed by it. Creating
+/dev/null instances is however permitted, and hence use it.
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index d8d0dae..bef866a 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -879,23 +879,19 @@ static int setup_ptmx(const char *dest) {
+ }
+
+ static int setup_dev_console(const char *dest, const char *console) {
++ _cleanup_umask_ mode_t u;
++ const char *to;
+ struct stat st;
+- _cleanup_free_ char *to = NULL;
+ int r;
+- _cleanup_umask_ mode_t u;
+
+ assert(dest);
+ assert(console);
+
+ u = umask(0000);
+
+- if (stat(console, &st) < 0) {
+- log_error("Failed to stat %s: %m", console);
++ if (stat("/dev/null", &st) < 0) {
++ log_error("Failed to stat /dev/null: %m");
+ return -errno;
+-
+- } else if (!S_ISCHR(st.st_mode)) {
+- log_error("/dev/console is not a char device");
+- return -EIO;
+ }
+
+ r = chmod_and_chown(console, 0600, 0, 0);
+@@ -904,16 +900,15 @@ static int setup_dev_console(const char *dest, const char *console) {
+ return r;
+ }
+
+- if (asprintf(&to, "%s/dev/console", dest) < 0)
+- return log_oom();
+-
+ /* We need to bind mount the right tty to /dev/console since
+ * ptys can only exist on pts file systems. To have something
+- * to bind mount things on we create a device node first, that
+- * has the right major/minor (note that the major minor
+- * doesn't actually matter here, since we mount it over
+- * anyway). */
++ * to bind mount things on we create a device node first, and
++ * use /dev/null for that since we the cgroups device policy
++ * allows us to create that freely, while we cannot create
++ * /dev/console. (Note that the major minor doesn't actually
++ * matter here, since we mount it over anyway). */
+
++ to = strappenda(dest, "/dev/console");
+ if (mknod(to, (st.st_mode & ~07777) | 0600, st.st_rdev) < 0) {
+ log_error("mknod() for /dev/console failed: %m");
+ return -errno;
+--
+cgit v0.10.2
+
diff --git a/systemd-mini.changes b/systemd-mini.changes
index 7272de7..3ae63a4 100644
--- a/systemd-mini.changes
+++ b/systemd-mini.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 22 13:56:22 UTC 2014 - werner@suse.de
+
+- Add upstream patch 1089-fix-cgroup-device-controller.patch
+ to avoid trouble on existing /dev/console with nspawn (bsc#902240)
+
 -------------------------------------------------------------------
 Tue Oct 21 11:03:31 UTC 2014 - werner@suse.de
diff --git a/systemd-mini.spec b/systemd-mini.spec
index b2fc871..4e04d0e 100644
--- a/systemd-mini.spec
+++ b/systemd-mini.spec
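Review bot: The `S_ISCHR` sanity check is dropped together with the switch to `stat("/dev/null", &st)` in the first nspawn.c hunk, yet the file-type bits of that stat still flow into `mknod(to, (st.st_mode & ~07777) | 0600, st.st_rdev)`. If the host's /dev/null is not a character device (for example, it was accidentally replaced by a regular file), the node created at /dev/console silently takes that type, so a retained guard such as `if (!S_ISCHR(st.st_mode)) { log_error("/dev/null is not a char device"); return -EIO; }` keeps the failure explicit. In the second hunk the new comment reads "since we the cgroups device policy"; the stray "we" should be removed. `strappenda()` appears to allocate on the stack, so it is worth confirming that the caller bounds the length of `dest`. The body of setup_dev_console continues past the end of the second hunk.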
@@ -1143,10 +1143,12 @@ Patch1084: 1084-udev-ctrl-log-if-setting-SO_PASSCRED-fails.patch
 Patch1085: 1085-udev-fix-typos.patch
 # PATCH-FIX-UPSTREAM 1085-udevd-don-t-fail-if-run-udev-exists.patch
 Patch1086: 1086-udevd-don-t-fail-if-run-udev-exists.patch
-# PATCH-FIX-SSUE 1087-infinit-timeout-for-kmod-loaded-modules.patch
+# PATCH-FIX-SUSE 1087-infinit-timeout-for-kmod-loaded-modules.patch
 Patch1087: 1087-infinit-timeout-for-kmod-loaded-modules.patch
-# PATCH-FIX-SSUE 1088-drop-renaming-of-virtual-interfaces-in-guest.patch (bnc#898432)
+# PATCH-FIX-SUSE 1088-drop-renaming-of-virtual-interfaces-in-guest.patch (bnc#898432)
 Patch1088: 1088-drop-renaming-of-virtual-interfaces-in-guest.patch
+# PATCH-FIX-UPSTREAM 1089-fix-cgroup-device-controller.patch
+Patch1089: 1089-fix-cgroup-device-controller.patch
 %description
 Systemd is a system and service manager, compatible with SysV and LSB
@@ -1894,6 +1896,7 @@ cp %{SOURCE7} m4/
 %patch1086 -p0
 %patch1087 -p0
 %patch1088 -p1
+%patch1089 -p1
 # remove patch backups
 find -name '*.orig' -exec rm -f '{}' \+
diff --git a/systemd.changes b/systemd.changes
index 7272de7..3ae63a4 100644
--- a/systemd.changes
+++ b/systemd.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 22 13:56:22 UTC 2014 - werner@suse.de
+
+- Add upstream patch 1089-fix-cgroup-device-controller.patch
+ to avoid trouble on existing /dev/console with nspawn (bsc#902240)
+
 -------------------------------------------------------------------
 Tue Oct 21 11:03:31 UTC 2014 - werner@suse.de
diff --git a/systemd.spec b/systemd.spec
index 17384ac..7e1e0e8 100644
--- a/systemd.spec
+++ b/systemd.spec
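Review bot: The new tag line `# PATCH-FIX-UPSTREAM 1089-fix-cgroup-device-controller.patch` carries no bug reference, although the changelog entry for the same patch cites bsc#902240 and the neighbouring 1088 tag includes its bug number. Suggest `# PATCH-FIX-UPSTREAM 1089-fix-cgroup-device-controller.patch (bsc#902240)` so the patch can be traced from the spec alone when auditing what the package carries. The same applies to the identical hunk in systemd.spec. The added patch file names upstream commit eb0f0863f5af48865fb4569e2076d5f9e2313995 in its header, which could be noted next to the tag as well.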
@@ -1138,10 +1138,12 @@ Patch1084: 1084-udev-ctrl-log-if-setting-SO_PASSCRED-fails.patch
 Patch1085: 1085-udev-fix-typos.patch
 # PATCH-FIX-UPSTREAM 1085-udevd-don-t-fail-if-run-udev-exists.patch
 Patch1086: 1086-udevd-don-t-fail-if-run-udev-exists.patch
-# PATCH-FIX-SSUE 1087-infinit-timeout-for-kmod-loaded-modules.patch
+# PATCH-FIX-SUSE 1087-infinit-timeout-for-kmod-loaded-modules.patch
 Patch1087: 1087-infinit-timeout-for-kmod-loaded-modules.patch
-# PATCH-FIX-SSUE 1088-drop-renaming-of-virtual-interfaces-in-guest.patch (bnc#898432)
+# PATCH-FIX-SUSE 1088-drop-renaming-of-virtual-interfaces-in-guest.patch (bnc#898432)
 Patch1088: 1088-drop-renaming-of-virtual-interfaces-in-guest.patch
+# PATCH-FIX-UPSTREAM 1089-fix-cgroup-device-controller.patch
+Patch1089: 1089-fix-cgroup-device-controller.patch
 %description
 Systemd is a system and service manager, compatible with SysV and LSB
@@ -1889,6 +1891,7 @@ cp %{SOURCE7} m4/
 %patch1086 -p0
 %patch1087 -p0
 %patch1088 -p1
+%patch1089 -p1
 # remove patch backups
 find -name '*.orig' -exec rm -f '{}' \+