Skip to content
Commit e7330dfe authored by Dongsu Park's avatar Dongsu Park Committed by Lennart Poettering
Browse files

cgroup: support prefix "-" in cgroups whitelisting entries (#4687) 

So far systemd-nspawn container has been creating files under
/run/systemd/inaccessible, no matter whether it's running in user
namespace or not. That's fine for regular files, dirs, socks, fifos.
However, it's not for block and character devices, because kernel
doesn't allow them to be created under user namespace. It results
in warnings at booting like that:

====
  Couldn't stat device /run/systemd/inaccessible/chr
  Couldn't stat device /run/systemd/inaccessible/blk
====

Thus we need to have the cgroups whitelisting handler to silently ignore
a file, when the device path is prefixed with "-". That's exactly the
same convention used in directives like ReadOnlyPaths=. Also insert the
prefix "-" to inaccessible entries.
parent a9d2d40d
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment