Diffstat (limited to 'src/basic')
-rw-r--r-- | src/basic/audit-util.c | 2 | ||||
-rw-r--r-- | src/basic/missing_loop.h | 4 | ||||
-rw-r--r-- | src/basic/process-util.c | 26 | ||||
-rw-r--r-- | src/basic/virt.c | 7 |
4 files changed, 33 insertions, 6 deletions
diff --git a/src/basic/audit-util.c b/src/basic/audit-util.c
index bf96e08..7f86f84 100644
--- a/src/basic/audit-util.c
+++ b/src/basic/audit-util.c
@@ -99,7 +99,7 @@ static int try_audit_request(int fd) {
 n = recvmsg_safe(fd, &mh, 0);
 if (n < 0)
- return -errno;
+ return n;
 if (n != NLMSG_LENGTH(sizeof(struct nlmsgerr)))
 return -EIO;
diff --git a/src/basic/missing_loop.h b/src/basic/missing_loop.h
index b88501d..f83a14c 100644
--- a/src/basic/missing_loop.h
+++ b/src/basic/missing_loop.h
@@ -29,3 +29,7 @@ assert_cc(LOOP_SET_DIRECT_IO == 0x4C08);
 #ifndef LOOP_SET_STATUS_SETTABLE_FLAGS
 # define LOOP_SET_STATUS_SETTABLE_FLAGS (LO_FLAGS_AUTOCLEAR | LO_FLAGS_PARTSCAN)
 #endif
+
+#ifndef LOOP_SET_BLOCK_SIZE
+# define LOOP_SET_BLOCK_SIZE 0x4C09
+#endif
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index c9d968d..de5a146 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -2066,9 +2066,10 @@ int posix_spawn_wrapper(
 _unused_ _cleanup_(posix_spawnattr_destroyp) posix_spawnattr_t *attr_destructor = &attr;
 #if HAVE_PIDFD_SPAWN
+ static bool setcgroup_supported = true;
 _cleanup_close_ int cgroup_fd = -EBADF;
- if (cgroup) {
+ if (cgroup && setcgroup_supported) {
 _cleanup_free_ char *resolved_cgroup = NULL;
 r = cg_get_path_and_check(
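Review bot: The new `LOOP_SET_BLOCK_SIZE` fallback in missing_loop.h has no compile-time check that a kernel-provided definition agrees with the hard-coded `0x4C09`, unlike `LOOP_SET_DIRECT_IO`, whose `assert_cc(LOOP_SET_DIRECT_IO == 0x4C08);` is visible in the hunk header context. Adding `assert_cc(LOOP_SET_BLOCK_SIZE == 0x4C09);` after the new `#endif` would keep the two consistent and catch a mismatched ioctl number at build time. How the existing assertion sits relative to its own `#ifndef` is outside the hunk, so the placement should follow that layout.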
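Review bot: `static bool setcgroup_supported` in the first process-util.c hunk is process-wide mutable state, read here and written in the retry path of the next hunk, with no comment on its lifetime or on concurrent callers. Once it is cleared, `if (cgroup && setcgroup_supported)` skips cgroup resolution for every later call, so the child presumably starts in the caller's cgroup with nothing recorded about the downgrade. I would document the declaration with something like `/* Latched to false for the rest of the process lifetime once the kernel rejects CLONE_INTO_CGROUP; not synchronized. */`. The body of posix_spawn_wrapper() starts and ends outside this hunk, so whether the caller is told that the cgroup attach still has to be done cannot be confirmed from here.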
@@ -2102,6 +2103,19 @@ int posix_spawn_wrapper(
 _cleanup_close_ int pidfd = -EBADF;
 r = pidfd_spawn(&pidfd, path, NULL, &attr, argv, envp);
+ if (r == E2BIG && FLAGS_SET(flags, POSIX_SPAWN_SETCGROUP)) {
+ /* Some kernels (e.g., 5.4) support clone3 but they do not support CLONE_INTO_CGROUP.
+ * Retry pidfd_spawn() after removing the flag. */
+ flags &= ~POSIX_SPAWN_SETCGROUP;
+ r = posix_spawnattr_setflags(&attr, flags);
+ if (r != 0)
+ return -r;
+ r = pidfd_spawn(&pidfd, path, NULL, &attr, argv, envp);
+ /* if pidfd_spawn was successful after removing SPAWN_CGROUP,
+ * mark setcgroup_supported as false so that we do not retry every time */
+ if (r == 0)
+ setcgroup_supported = false;
+ }
 if (r == 0) {
 r = pidref_set_pidfd_consume(ret_pidref, TAKE_FD(pidfd));
 if (r < 0)
@@ -2120,10 +2134,12 @@ int posix_spawn_wrapper(
 /* Compiled on a newer host, or seccomp&friends blocking clone3()? Fallback, but need to change the
 * flags to remove the cgroup one, which is what redirects to clone3() */
- flags &= ~POSIX_SPAWN_SETCGROUP;
- r = posix_spawnattr_setflags(&attr, flags);
- if (r != 0)
- return -r;
+ if (FLAGS_SET(flags, POSIX_SPAWN_SETCGROUP)) {
+ flags &= ~POSIX_SPAWN_SETCGROUP;
+ r = posix_spawnattr_setflags(&attr, flags);
+ if (r != 0)
+ return -r;
+ }
 #endif
 pid_t pid;
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 0970350..2cb3a08 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -896,6 +896,13 @@ int running_in_chroot(void) {
 * mount /proc, so all other programs can assume that if /proc is *not* available, we're in some
 * chroot. */
+ r = getenv_bool("SYSTEMD_IN_CHROOT");
+ if (r >= 0)
+ return r > 0;
+ if (r != -ENXIO)
+ log_debug_errno(r, "Failed to parse $SYSTEMD_IN_CHROOT, ignoring: %m");
+
+ /* Deprecated but kept for backwards compatibility. */
 if (getenv_bool("SYSTEMD_IGNORE_CHROOT") > 0)
 return 0; |
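Review bot: When the retry without `POSIX_SPAWN_SETCGROUP` succeeds in the `r == E2BIG` branch, the child is running outside the requested cgroup and nothing in the added lines records it, so any limits or process tracking tied to that cgroup depend on the caller noticing. A `log_debug("pidfd_spawn() with POSIX_SPAWN_SETCGROUP failed with E2BIG, retrying without cgroup placement.");` before the second call would make the downgrade visible. The return value on this path should also tell the caller that it must attach the child itself; the return statements are outside the hunk, so this needs checking against the full function. `E2BIG` is also what exec reports for an oversized argument or environment list, so the retry may run in that case too; it should then fail the same way and leave `setcgroup_supported` untouched, which deserves a word in the comment.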
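Review bot: The new override in running_in_chroot() reads `SYSTEMD_IN_CHROOT` with plain `getenv_bool()`, so whoever controls the environment can force the result in either direction, whereas the older `SYSTEMD_IGNORE_CHROOT` could only force "not in a chroot". If any caller can run with more privilege than the party that set its environment, `getenv_bool_secure("SYSTEMD_IN_CHROOT")` would be the safer read; whether such a caller exists is not visible here. A comment above the block, e.g. `/* Explicit override of the detection below; the environment is treated as trusted here. */`, would record that assumption. The function body starts before and continues after this hunk.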