]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3cc23a2) | patch
nspawn: create /dev/net/tun only when it is accessible
authorYu Watanabe <watanabe.yu+github@gmail.com>
Mon, 17 Feb 2025 14:59:46 +0000 (23:59 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Tue, 18 Feb 2025 14:24:20 +0000 (23:24 +0900)
commit9fff6bf59e6cfbbc8bddee1e802a94a38d29063a
treef5329a8dfdae3e47c501557c93aab1becb5d14eetree | snapshot
parent3cc23a2c2345eb188551565349c89ec1fa8f650fcommit | diff
nspawn: create /dev/net/tun only when it is accessible

Follow-up for 985ea98e7f90c92fcc0b8441fafb190353d2feb8.

When DevicePolicy= is enabled, but DeviceAllow= for /dev/net/tun is not
specified, bind-mounting the device node from the host system is
meaningless, as it cannot be used in the container anyway.

Let's check the device node is accessible before creating or
bind-mounting.
src/nspawn/nspawn.c diff | blob | blame | history
test/units/TEST-13-NSPAWN.nspawn.sh diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.