.

OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=806

1089-fix-cgroup-device-controller.patch

@@ -0,0 +1,74 @@
+From eb0f0863f5af48865fb4569e2076d5f9e2313995 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 10 Mar 2014 21:36:01 +0100
+Subject: nspawn: don't try mknod() of /dev/console with the correct
+ major/minor
+
+We overmount /dev/console with an external pty anyway, hence there's no
+point in using the real major/minor when we create the node to
+overmount. Instead, use the one of /dev/null now.
+
+This fixes a race against the cgroup device controller setup we are
+using. In case /dev/console was create before the cgroup policy was
+applied all was good, but if created in the opposite order the mknod()
+would fail, since creating /dev/console is not allowed by it. Creating
+/dev/null instances is however permitted, and hence use it.
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index d8d0dae..bef866a 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -879,23 +879,19 @@ static int setup_ptmx(const char *dest) {
+ }
+ 
+ static int setup_dev_console(const char *dest, const char *console) {
++        _cleanup_umask_ mode_t u;
++        const char *to;
+         struct stat st;
+-        _cleanup_free_ char *to = NULL;
+         int r;
+-        _cleanup_umask_ mode_t u;
+ 
+         assert(dest);
+         assert(console);
+ 
+         u = umask(0000);
+ 
+-        if (stat(console, &st) < 0) {
+-                log_error("Failed to stat %s: %m", console);
++        if (stat("/dev/null", &st) < 0) {
++                log_error("Failed to stat /dev/null: %m");
+                 return -errno;
+-
+-        } else if (!S_ISCHR(st.st_mode)) {
+-                log_error("/dev/console is not a char device");
+-                return -EIO;
+         }
+ 
+         r = chmod_and_chown(console, 0600, 0, 0);
+@@ -904,16 +900,15 @@ static int setup_dev_console(const char *dest, const char *console) {
+                 return r;
+         }
+ 
+-        if (asprintf(&to, "%s/dev/console", dest) < 0)
+-                return log_oom();
+-
+         /* We need to bind mount the right tty to /dev/console since
+          * ptys can only exist on pts file systems. To have something
+-         * to bind mount things on we create a device node first, that
+-         * has the right major/minor (note that the major minor
+-         * doesn't actually matter here, since we mount it over
+-         * anyway). */
++         * to bind mount things on we create a device node first, and
++         * use /dev/null for that since we the cgroups device policy
++         * allows us to create that freely, while we cannot create
++         * /dev/console. (Note that the major minor doesn't actually
++         * matter here, since we mount it over anyway). */
+ 
++        to = strappenda(dest, "/dev/console");
+         if (mknod(to, (st.st_mode & ~07777) | 0600, st.st_rdev) < 0) {
+                 log_error("mknod() for /dev/console failed: %m");
+                 return -errno;
+-- 
+cgit v0.10.2
+

systemd-mini.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 22 13:56:22 UTC 2014 - werner@suse.de
+
+- Add upstream patch 1089-fix-cgroup-device-controller.patch
+  to avoid trouble on existing /dev/console with nspawn (bsc#902240)
+
 -------------------------------------------------------------------
 Tue Oct 21 11:03:31 UTC 2014 - werner@suse.de
 

systemd-mini.spec

@@ -1143,10 +1143,12 @@ Patch1084:      1084-udev-ctrl-log-if-setting-SO_PASSCRED-fails.patch
 Patch1085:      1085-udev-fix-typos.patch
 # PATCH-FIX-UPSTREAM 1085-udevd-don-t-fail-if-run-udev-exists.patch
 Patch1086:      1086-udevd-don-t-fail-if-run-udev-exists.patch
-# PATCH-FIX-SSUE 1087-infinit-timeout-for-kmod-loaded-modules.patch
+# PATCH-FIX-SUSE 1087-infinit-timeout-for-kmod-loaded-modules.patch
 Patch1087:      1087-infinit-timeout-for-kmod-loaded-modules.patch
-# PATCH-FIX-SSUE 1088-drop-renaming-of-virtual-interfaces-in-guest.patch (bnc#898432)
+# PATCH-FIX-SUSE 1088-drop-renaming-of-virtual-interfaces-in-guest.patch (bnc#898432)
 Patch1088:      1088-drop-renaming-of-virtual-interfaces-in-guest.patch
+# PATCH-FIX-UPSTREAM 1089-fix-cgroup-device-controller.patch
+Patch1089:      1089-fix-cgroup-device-controller.patch
 
 %description
 Systemd is a system and service manager, compatible with SysV and LSB
@@ -1894,6 +1896,7 @@ cp %{SOURCE7} m4/
 %patch1086 -p0
 %patch1087 -p0
 %patch1088 -p1
+%patch1089 -p1
 
 # remove patch backups
 find -name '*.orig' -exec rm -f '{}' \+

systemd.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 22 13:56:22 UTC 2014 - werner@suse.de
+
+- Add upstream patch 1089-fix-cgroup-device-controller.patch
+  to avoid trouble on existing /dev/console with nspawn (bsc#902240)
+
 -------------------------------------------------------------------
 Tue Oct 21 11:03:31 UTC 2014 - werner@suse.de
 

systemd.spec

@@ -1138,10 +1138,12 @@ Patch1084:      1084-udev-ctrl-log-if-setting-SO_PASSCRED-fails.patch
 Patch1085:      1085-udev-fix-typos.patch
 # PATCH-FIX-UPSTREAM 1085-udevd-don-t-fail-if-run-udev-exists.patch
 Patch1086:      1086-udevd-don-t-fail-if-run-udev-exists.patch
-# PATCH-FIX-SSUE 1087-infinit-timeout-for-kmod-loaded-modules.patch
+# PATCH-FIX-SUSE 1087-infinit-timeout-for-kmod-loaded-modules.patch
 Patch1087:      1087-infinit-timeout-for-kmod-loaded-modules.patch
-# PATCH-FIX-SSUE 1088-drop-renaming-of-virtual-interfaces-in-guest.patch (bnc#898432)
+# PATCH-FIX-SUSE 1088-drop-renaming-of-virtual-interfaces-in-guest.patch (bnc#898432)
 Patch1088:      1088-drop-renaming-of-virtual-interfaces-in-guest.patch
+# PATCH-FIX-UPSTREAM 1089-fix-cgroup-device-controller.patch
+Patch1089:      1089-fix-cgroup-device-controller.patch
 
 %description
 Systemd is a system and service manager, compatible with SysV and LSB
@@ -1889,6 +1891,7 @@ cp %{SOURCE7} m4/
 %patch1086 -p0
 %patch1087 -p0
 %patch1088 -p1
+%patch1089 -p1
 
 # remove patch backups
 find -name '*.orig' -exec rm -f '{}' \+