nspawn: add log message to let users know that nspawn needs an empty /dev directory...

Fixes https://github.com/systemd/systemd/issues/3695

At the same time it adds a protection against userns chown of inodes of
a shared mount point.

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index a5d5180727c3003c5949159f063f0a260bf2331a..9a8274c8de3f781b4a436810ca5a71d68aac2827 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1395,6 +1395,12 @@ static int copy_devnodes(const char *dest) {
 
                 } else {
                         if (mknod(to, st.st_mode, st.st_rdev) < 0) {
+                                /*
+                                 * This is some sort of protection too against
+                                 * recursive userns chown on shared /dev/
+                                 */
+                                if (errno == EEXIST)
+                                        log_notice("%s/dev/ should be an empty directory", dest);
                                 if (errno != EPERM)
                                         return log_error_errno(errno, "mknod(%s) failed: %m", to);