* accept this here, and silently make "--ephemeral --template=" equivalent to "--ephemeral
* --directory=". */
- arg_directory = arg_template;
- arg_template = NULL;
+ arg_directory = TAKE_PTR(arg_template);
}
if (arg_template && !(arg_directory || arg_machine)) {
if (r < 0)
return log_error_errno(r, "Failed to resolve path %s: %m", *p);
- free(*p);
- *p = chased;
-
- return 0;
+ free_and_replace(*p, chased);
+ return r; /* r might be an fd here in case we ever use CHASE_OPEN in flags */
}
static int determine_uid_shift(const char *directory) {
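Review bot: The success return changes from a fixed `0` to `return r;`, so the function's contract is now "non-negative on success", and per the inline comment a positive value may be an open fd. That ownership rule is only mentioned at the return statement. Callers that only test `r < 0` would silently leak such a descriptor, which matters in nspawn if it could stay open into the container payload. I would state the contract once above the function, e.g. `/* Returns >= 0 on success; if CHASE_OPEN is ever passed, the value is an fd the caller must close */`, and check that no caller compares the result against exactly 0. The function's signature and its callers are outside this hunk.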
arg_uid_shift,
arg_uid_range,
arg_selinux_apifs_context);
-
if (r < 0)
return r;
+ if (!arg_network_namespace_path && arg_private_network) {
+ r = unshare(CLONE_NEWNET);
+ if (r < 0)
+ return log_error_errno(errno, "Failed to unshare network namespace: %m");
+ }
+
r = mount_sysfs(NULL, arg_mount_settings);
if (r < 0)
return r;
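Review bot: With `unshare(CLONE_NEWNET)` now issued here instead of via the `raw_clone()` flags (see the later hunk that drops `create_netns`), the network namespace comes into existence some time after the child's PID does. Nothing in this hunk tells the parent when that has happened. If the parent moves or configures interfaces by the child's PID, it must wait until after this unshare, otherwise they could be applied to the namespace the child was forked in. The barrier or notification that guarantees this is not visible here and should be confirmed. Assuming the ordering is deliberate, a comment would help, such as `/* Create the netns only after the userns is set up, and before sysfs is mounted so it reflects the new netns */`. The enclosing function starts and ends outside the hunk.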
if (arg_use_cgns && cg_ns_supported()) {
r = unshare(CLONE_NEWCGROUP);
if (r < 0)
- return log_error_errno(errno, "Failed to unshare cgroup namespace");
+ return log_error_errno(errno, "Failed to unshare cgroup namespace: %m");
r = mount_cgroups(
"",
arg_unified_cgroup_hierarchy,
ssize_t l;
int r;
_cleanup_close_ int fd = -1;
- bool create_netns;
assert(barrier);
assert(directory);
return log_error_errno(errno, "PR_SET_PDEATHSIG failed: %m");
if (interactive) {
- close_nointr(STDIN_FILENO);
- close_nointr(STDOUT_FILENO);
- close_nointr(STDERR_FILENO);
-
- r = open_terminal(console, O_RDWR);
- if (r != STDIN_FILENO) {
- if (r >= 0) {
- safe_close(r);
- r = -EINVAL;
- }
+ int terminal;
- return log_error_errno(r, "Failed to open console: %m");
- }
+ terminal = open_terminal(console, O_RDWR);
+ if (terminal < 0)
+ return log_error_errno(terminal, "Failed to open console: %m");
- if (dup2(STDIN_FILENO, STDOUT_FILENO) != STDOUT_FILENO ||
- dup2(STDIN_FILENO, STDERR_FILENO) != STDERR_FILENO)
- return log_error_errno(errno, "Failed to duplicate console: %m");
+ r = rearrange_stdio(terminal, terminal, terminal); /* invalidates 'terminal' on success and failure */
+ if (r < 0)
+ return log_error_errno(r, "Failed to move console to stdin/stdout/stderr: %m");
}
r = reset_audit_loginuid();
if (fd < 0)
return fd;
- create_netns = !arg_network_namespace_path && arg_private_network;
-
pid = raw_clone(SIGCHLD|CLONE_NEWNS|
arg_clone_ns_flags |
- (create_netns ? CLONE_NEWNET : 0) |
(arg_userns_mode != USER_NAMESPACE_NO ? CLONE_NEWUSER : 0));
if (pid < 0)
return log_error_errno(errno, "Failed to fork inner child: %m");
goto finish;
}
- r = dissect_image(
+ r = dissect_image_and_warn(
loop->fd,
+ arg_image,
arg_root_hash, arg_root_hash_size,
DISSECT_IMAGE_REQUIRE_ROOT,
&dissected_image);
if (r == -ENOPKG) {
- log_error_errno(r, "Could not find a suitable file system or partition table in image: %s", arg_image);
-
+ /* dissected_image_and_warn() already printed a brief error message. Extend on that with more details */
log_notice("Note that the disk image needs to\n"
" a) either contain only a single MBR partition of type 0x83 that is marked bootable\n"
" b) or contain a single GPT partition of type 0FC63DAF-8483-4772-8E79-3D69D8477DE4\n"
"in order to be bootable with systemd-nspawn.");
goto finish;
}
- if (r == -EADDRNOTAVAIL) {
- log_error_errno(r, "No root partition for specified root hash found.");
- goto finish;
- }
- if (r == -EOPNOTSUPP) {
- log_error_errno(r, "--image= is not supported, compiled without blkid support.");
- goto finish;
- }
- if (r == -EPROTONOSUPPORT) {
- log_error_errno(r, "Device is loopback block device with partition scanning turned off, please turn it on.");
- goto finish;
- }
- if (r < 0) {
- log_error_errno(r, "Failed to dissect image: %m");
+ if (r < 0)
goto finish;
- }
if (!arg_root_hash && dissected_image->can_verity)
log_notice("Note: image %s contains verity information, but no root hash specified! Proceeding without integrity checking.", arg_image);
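Review bot: The new comment in the -ENOPKG branch names `dissected_image_and_warn()`, but the function called a few lines above is `dissect_image_and_warn()`, so a search for the helper's name will miss this comment. I would write it as `/* dissect_image_and_warn() already printed a brief error message. Expand on that with more details. */`. Separately, the removed branches for -EADDRNOTAVAIL, -EOPNOTSUPP and -EPROTONOSUPPORT now rely on the helper logging those cases itself. The helper is not visible in this hunk, so confirm that it does, so these failures do not end in a bare `goto finish` with no message.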