summaryrefslogtreecommitdiffstats
path: root/src/nspawn
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-09-16 18:28:34 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-09-16 18:28:34 +0000
commit39bea55b2de0eabc2a876ed40dd664d1f80cbcd2 (patch)
tree440d70559330bcdfe14968d44dd5d33ea570281e /src/nspawn
parentReleasing progress-linux version 256.5-2~progress7.99u1. (diff)
downloadsystemd-39bea55b2de0eabc2a876ed40dd664d1f80cbcd2.tar.xz
systemd-39bea55b2de0eabc2a876ed40dd664d1f80cbcd2.zip
Merging upstream version 256.6.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/nspawn')
-rw-r--r--src/nspawn/nspawn.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 7d87116..c6ce36b 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2207,7 +2207,7 @@ static int copy_devnodes(const char *dest) {
/* Explicitly warn the user when /dev is already populated. */
if (errno == EEXIST)
log_notice("%s/dev/ is pre-mounted and pre-populated. If a pre-mounted /dev/ is provided it needs to be an unpopulated file system.", dest);
- if (errno != EPERM)
+ if (!ERRNO_IS_PRIVILEGE(errno) || arg_uid_shift != 0)
return log_error_errno(errno, "mknod(%s) failed: %m", to);
/* Some systems abusively restrict mknod but allow bind mounts. */
@@ -2217,12 +2217,12 @@ static int copy_devnodes(const char *dest) {
r = mount_nofollow_verbose(LOG_DEBUG, from, to, NULL, MS_BIND, NULL);
if (r < 0)
return log_error_errno(r, "Both mknod and bind mount (%s) failed: %m", to);
+ } else {
+ r = userns_lchown(to, 0, 0);
+ if (r < 0)
+ return log_error_errno(r, "chown() of device node %s failed: %m", to);
}
- r = userns_lchown(to, 0, 0);
- if (r < 0)
- return log_error_errno(r, "chown() of device node %s failed: %m", to);
-
dn = path_join("/dev", S_ISCHR(st.st_mode) ? "char" : "block");
if (!dn)
return log_oom();