nspawn/machine: move mount propagation dir to /run/host/incoming
authorLennart Poettering <lennart@poettering.net>
Wed, 22 Jul 2020 15:57:29 +0000 (17:57 +0200)
committerLennart Poettering <lennart@poettering.net>
Thu, 20 Aug 2020 08:17:25 +0000 (10:17 +0200)
Previously we'd use a directory /run/systemd/nspawn/incoming for
accepting mounts to propagate from the host. This is a bit weird, since
we have a shared namespace: /run/systemd/ contains both stuff managed by
the surrounding nspawn as well as from the systemd inside.

We now have the /run/host/ hierarchy that has special stuff we want to
pass from host to container. Let's make use of that here, and move this
directory here too.

This is not a compat breakage, since the payload never interfaces with
that directory natively: it's only nspawn and machined that need to
agree on it.

src/machine/machine-dbus.c
src/nspawn/nspawn.c

index a3c97d8d8f8328ab5a3fe81d879e1f683851d508..f2285abc0e9e9527fc1be374dbe54c5b96afdbdc 100644 (file)
@@ -978,9 +978,8 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu
                 goto finish;
         }
         if (r == 0) {
-                const char *mount_inside;
+                const char *mount_inside, *q;
                 int mntfd;
-                const char *q;
 
                 errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
 
@@ -1001,12 +1000,11 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu
                                 (void) mkdir_p(dest, 0755);
                         else {
                                 (void) mkdir_parents(dest, 0755);
-                                safe_close(open(dest, O_CREAT|O_EXCL|O_WRONLY|O_CLOEXEC|O_NOCTTY, 0600));
+                                (void) mknod(dest, S_IFREG|0600, 0);
                         }
                 }
 
-                /* Fifth, move the mount to the right place inside */
-                mount_inside = strjoina("/run/systemd/nspawn/incoming/", basename(mount_outside));
+                mount_inside = strjoina("/run/host/incoming/", basename(mount_outside));
                 if (mount(mount_inside, dest, NULL, MS_MOVE, NULL) < 0) {
                         r = log_error_errno(errno, "Failed to mount: %m");
                         goto child_fail;
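Review bot: The path `/run/host/incoming/` at line 46 is a bare string literal here and appears again, without the trailing slash, in nspawn's setup_propagate() (the `userns_mkdir`, `prefix_roota` and log-message lines of the other file's hunk) with nothing tying the two copies together; the commit message itself says machined and nspawn must agree on it, so drift on either side would make every bind-mount request fail at the `mount(..., MS_MOVE, ...)` call below with nothing more specific than "Failed to mount". A single definition in a header both files include (constructed name, e.g. `#define NSPAWN_INCOMING_DIR "/run/host/incoming"`), used as `mount_inside = strjoina(NSPAWN_INCOMING_DIR "/", basename(mount_outside));`, would close that gap. The removed "Fifth, move the mount to the right place inside" comment is also dropped without a replacement, leaving the MS_MOVE step unexplained; keeping `/* Fifth, move the mount from the incoming dir to its final place inside the container */` preserves the numbered walk-through that the surrounding steps appear to follow. bus_machine_method_bind_mount() begins and ends outside this hunk.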
index 1b83f5ad58a2ebe6f2ce562b4b8782d330e97e20..98ba33935ef585f27b0ecb766d8ab9a13e920c78 100644 (file)
@@ -2517,19 +2517,15 @@ static int setup_propagate(const char *root) {
         p = strjoina("/run/systemd/nspawn/propagate/", arg_machine);
         (void) mkdir_p(p, 0600);
 
-        r = userns_mkdir(root, "/run/systemd", 0755, 0, 0);
+        r = userns_mkdir(root, "/run/host", 0755, 0, 0);
         if (r < 0)
-                return log_error_errno(r, "Failed to create /run/systemd: %m");
+                return log_error_errno(r, "Failed to create /run/host: %m");
 
-        r = userns_mkdir(root, "/run/systemd/nspawn", 0755, 0, 0);
+        r = userns_mkdir(root, "/run/host/incoming", 0600, 0, 0);
         if (r < 0)
-                return log_error_errno(r, "Failed to create /run/systemd/nspawn: %m");
+                return log_error_errno(r, "Failed to create /run/host/incoming: %m");
 
-        r = userns_mkdir(root, "/run/systemd/nspawn/incoming", 0600, 0, 0);
-        if (r < 0)
-                return log_error_errno(r, "Failed to create /run/systemd/nspawn/incoming: %m");
-
-        q = prefix_roota(root, "/run/systemd/nspawn/incoming");
+        q = prefix_roota(root, "/run/host/incoming");
         r = mount_verbose(LOG_ERR, p, q, NULL, MS_BIND, NULL);
         if (r < 0)
                 return r;
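Review bot: The new `userns_mkdir(root, "/run/host/incoming", 0600, 0, 0)` at line 62 carries no comment saying what the directory is for or why it is 0600 when its parent `/run/host` is created 0755 two lines earlier; the only explanation left in setup_propagate() is the MS_SLAVE remark at the end of the function, which covers the propagation mode rather than the directory's purpose. A one-line comment above line 62 such as `/* Staging dir machined MS_MOVEs incoming bind mounts out of; 0600 to match the host-side propagate dir it is bound to below */` would make the 0600 here and the `mkdir_p(p, 0600)` at line 53 read as a deliberate pair rather than a coincidence. setup_propagate() starts before this hunk, and its tail (the follow-up mount and the MS_SLAVE remount of `q`) is in the next hunk.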
@@ -2538,8 +2534,7 @@ static int setup_propagate(const char *root) {
         if (r < 0)
                 return r;
 
-        /* machined will MS_MOVE into that directory, and that's only
-         * supported for non-shared mounts. */
+        /* machined will MS_MOVE into that directory, and that's only supported for non-shared mounts. */
         return mount_verbose(LOG_ERR, NULL, q, NULL, MS_SLAVE, NULL);
 }