[systemd-commits] 3 commits - man/systemd.resource-control.xml rules/60-persistent-storage.rules src/core src/gpt-auto-generator src/nspawn
Lennart Poettering
lennart at kemper.freedesktop.org
Tue Mar 11 09:44:31 PDT 2014
man/systemd.resource-control.xml | 12 ++++++++----
rules/60-persistent-storage.rules | 2 +-
src/core/cgroup.c | 4 +++-
src/gpt-auto-generator/gpt-auto-generator.c | 2 +-
src/nspawn/nspawn.c | 15 +++++++++++++--
5 files changed, 26 insertions(+), 9 deletions(-)
New commits:
commit a07f961e98456714e7516c75041d5150d8641776
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Mar 11 17:43:00 2014 +0100
nspawn: allow using kdbus from nspawn containers
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index cd31bd4..1051b92 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1258,7 +1258,7 @@ static int register_machine(pid_t pid) {
return r;
}
- r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 8,
+ r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 10,
/* Allow the container to
* access and create the API
* device nodes, so that
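Review bot: The array length passed to `sd_bus_message_append()` on the changed line is a hand-maintained literal (`10`) that has to equal the number of path/permission pairs listed after it. Nothing in the call ties the two together, and a variadic function cannot detect a mismatch, so a later edit that adds or removes a pair without touching the count would go unnoticed by the compiler. I would add a short comment next to the literal, for example `/* 10 == number of (device, access) pairs below, keep in sync */`. The body of register_machine() starts and continues outside this hunk.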
@@ -1277,7 +1277,18 @@ static int register_machine(pid_t pid) {
* container to ever create
* these device nodes. */
"/dev/pts/ptmx", "rw",
- "char-pts", "rw");
+ "char-pts", "rw",
+ /* Allow the container
+ * access to all kdbus
+ * devices. Again, the
+ * container cannot create
+ * these nodes, only use
+ * them. We use a pretty
+ * open match here, so that
+ * the kernel API can still
+ * change. */
+ "char-kdbus", "rw",
+ "char-kdbus/*", "rw");
if (r < 0) {
log_error("Failed to add device whitelist: %s", strerror(-r));
return r;
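Review bot: The new `"char-kdbus/*", "rw"` entry only works if the manager receiving this property matches device group names as glob patterns, and the added comment does not say so. That support comes from the separate cgroup.c change on this page; under the old exact string comparison the entry would presumably match nothing in /proc/devices and the container would silently get no kdbus access. The comment could also state that the pattern covers every current and future char device group whose name begins with `kdbus/`, so the container allowlist grows whenever the kernel registers another one. I would add a sentence such as `Relies on glob matching of device group names in DeviceAllow=; access is "rw" without "m", so nodes can be used but not created.` The body of register_machine() continues outside the hunk.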
commit e41969e3d1a8bda8b0b2f7eb012cef1c8835509a
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Mar 11 17:42:24 2014 +0100
core: support globbing matches in DeviceAllow= when checking for device groups
diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml
index c3fd5fc..a51e600 100644
--- a/man/systemd.resource-control.xml
+++ b/man/systemd.resource-control.xml
@@ -275,12 +275,16 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>.
followed by a device group name, as listed in
<filename>/proc/devices</filename>. The latter is useful to
whitelist all current and future devices belonging to a
- specific device group at once. Examples:
- <filename>/dev/sda5</filename> is a path to a device node,
- referring to an ATA or SCSI block
+ specific device group at once. The device group is matched
+ according to file name globbing rules, you may hence use the
+ <literal>*</literal> and <literal>?</literal>
+ wildcards. Examples: <filename>/dev/sda5</filename> is a
+ path to a device node, referring to an ATA or SCSI block
device. <literal>char-pts</literal> and
<literal>char-alsa</literal> are specifiers for all pseudo
- TTYs and all ALSA sound devices, respectively.</para>
+ TTYs and all ALSA sound devices,
+ respectively. <literal>char-cpu/*</literal> is a specifier
+ matching all CPU related device groups.</para>
</listitem>
</varlistentry>
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 1327486..18de888 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -20,6 +20,7 @@
***/
#include <fcntl.h>
+#include <fnmatch.h>
#include "path-util.h"
#include "special.h"
@@ -246,7 +247,8 @@ static int whitelist_major(const char *path, const char *name, char type, const
w++;
w += strspn(w, WHITESPACE);
- if (!streq(w, name))
+
+ if (fnmatch(name, w, 0) != 0)
continue;
sprintf(buf,
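Review bot: Switching from `streq(w, name)` to `fnmatch(name, w, 0)` turns every existing device group name into a pattern, and with flags `0` the `*` wildcard also matches `/`. A single entry can therefore allow many majors at once; a name consisting only of `*` would match every group of the given type. Any non-zero return, including an fnmatch() error, skips the line, so the check fails closed, which is the right direction. I would document this at the call with `/* name is an fnmatch() pattern; flags 0 lets '*' span '/', one entry may allow several majors */`. A debug log line for each major actually allowed would also help, so the effective allowlist can be audited. whitelist_major() starts and continues outside this hunk.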
commit 98b2f766b24c84fc49a4df954717b1f96bbce00d
Author: Lennart Poettering <lennart at poettering.net>
Date: Tue Mar 11 17:27:58 2014 +0100
gpt-auto-generator: rename root device node symlink to /dev/gpt-auto-root
Before it was placed in /dev/disk/by-id, which makes it a bit too much
API. However, it's mostly an implementation detail for now, hence move
it out of the stable block device dir.
diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules
index 19e450d..475b151 100644
--- a/rules/60-persistent-storage.rules
+++ b/rules/60-persistent-storage.rules
@@ -85,6 +85,6 @@ ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_UUID}=="?*", SYMLINK+="disk/
ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}"
# add symlink to GPT root disk
-ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_GPT_AUTO_ROOT}=="1", SYMLINK+="disk/by-id/gpt-auto-root"
+ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_GPT_AUTO_ROOT}=="1", SYMLINK+="gpt-auto-root"
LABEL="persistent_storage_end"
diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
index be91977..e487f64 100644
--- a/src/gpt-auto-generator/gpt-auto-generator.c
+++ b/src/gpt-auto-generator/gpt-auto-generator.c
@@ -702,7 +702,7 @@ static int add_root_mount(void) {
return add_mount(
"root",
- "/dev/disk/by-id/gpt-auto-root",
+ "/dev/gpt-auto-root",
in_initrd() ? "/sysroot" : "/",
NULL,
arg_root_rw ? "rw" : "ro",