return r;
}
- /* We unconditionally try to create /dev/net/tun, but let's ignore failure if --private-network is
- * unspecified. The failure can be triggered when e.g. DevicePolicy= is set, but DeviceAllow= does
- * not contains the device node, and --private-users=pick is specified. */
- r = copy_devnode_one(dest, "net/tun", /* ignore_mknod_failure = */ !arg_private_network);
- if (r < 0)
- return r;
+ /* Similarly, create /dev/net/tun only when it is accessible. */
+ _cleanup_close_ int tun_fd = open("/dev/net/tun", O_CLOEXEC|O_RDWR);
+ if (tun_fd >= 0) {
+ r = copy_devnode_one(dest, "net/tun", /* ignore_mknod_failure = */ false);
+ if (r < 0)
+ return r;
+ }
return 0;
}
}
test_tun() {
- local expect=${1?}
- local exists=${2?}
- local command command_exists command_not_exists
- shift 2
-
- command_exists='[[ -c /dev/net/tun ]]; [[ "$(stat /dev/net/tun --format=%u)" == 0 ]]; [[ "$(stat /dev/net/tun --format=%g)" == 0 ]]'
- command_not_exists='[[ ! -e /dev/net/tun ]]'
-
- if [[ "$exists" == 0 ]]; then
- command="$command_not_exists"
- else
- command="$command_exists"
- fi
-
- systemd-nspawn "$@" bash -xec "$command_exists"
+ systemd-nspawn "$@" bash -xec '[[ -c /dev/net/tun ]]; [[ "$(stat /dev/net/tun --format=%u)" == 0 ]]; [[ "$(stat /dev/net/tun --format=%g)" == 0 ]]'
# check if the owner of the host device is unchanged, see issue #34243.
[[ "$(stat /dev/net/tun --format=%u)" == 0 ]]
[[ "$(stat /dev/net/tun --format=%g)" == 0 ]]
# Without DeviceAllow= for /dev/net/tun, see issue #35116.
- assert_rc \
- "$expect" \
- systemd-run --wait -p Environment=SYSTEMD_LOG_LEVEL=debug -p DevicePolicy=closed -p DeviceAllow="char-pts rw" \
- systemd-nspawn "$@" bash -xec "$command"
+ systemd-run \
+ --wait -p Environment=SYSTEMD_LOG_LEVEL=debug -p DevicePolicy=closed -p DeviceAllow="char-pts rw" \
+ systemd-nspawn "$@" bash -xec '[[ ! -e /dev/net/tun ]]'
[[ "$(stat /dev/net/tun --format=%u)" == 0 ]]
[[ "$(stat /dev/net/tun --format=%g)" == 0 ]]
root="$(mktemp -d /var/lib/machines/TEST-13-NSPAWN.tun.XXX)"
create_dummy_container "$root"
- test_tun 0 1 --ephemeral --directory="$root" --private-users=no
- test_tun 0 1 --ephemeral --directory="$root" --private-users=yes
- test_tun 0 0 --ephemeral --directory="$root" --private-users=pick
- test_tun 0 1 --ephemeral --directory="$root" --private-users=no --private-network
- test_tun 0 1 --ephemeral --directory="$root" --private-users=yes --private-network
- test_tun 1 0 --ephemeral --directory="$root" --private-users=pick --private-network
+ test_tun --ephemeral --directory="$root" --private-users=no
+ test_tun --ephemeral --directory="$root" --private-users=yes
+ test_tun --ephemeral --directory="$root" --private-users=pick
+ test_tun --ephemeral --directory="$root" --private-users=no --private-network
+ test_tun --ephemeral --directory="$root" --private-users=yes --private-network
+ test_tun --ephemeral --directory="$root" --private-users=pick --private-network
rm -fr "$root"
}
projects / thirdparty / systemd.git / commitdiff
