From: Franck Bui <fbui@suse.com>
Date: Mon, 6 Dec 2021 14:00:12 +0000 (+0100)
Subject: Drop the limit on number of inodes for /dev
X-Git-Tag: v252-rc1~414
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=570fe6f12b96b47eff0a966fa589da77cbc5e0fe;p=thirdparty%2Fsystemd.git

Drop the limit on number of inodes for /dev

Follow-up for 4c733d3046942984c5f73b40c3af39cc218c103f.

Finding a suitable limit that would fit any use cases out there is pretty hard
and since /dev is only writeable by root anyway, let's simply drop the limit.
---

diff --git a/src/core/namespace.c b/src/core/namespace.c
index 016afe4d9e9..d774467658b 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -926,7 +926,7 @@ static int mount_private_dev(MountEntry *m) {
 
         dev = strjoina(temporary_mount, "/dev");
         (void) mkdir(dev, 0755);
-        r = mount_nofollow_verbose(LOG_DEBUG, "tmpfs", dev, "tmpfs", DEV_MOUNT_OPTIONS, "mode=755" TMPFS_LIMITS_DEV);
+        r = mount_nofollow_verbose(LOG_DEBUG, "tmpfs", dev, "tmpfs", DEV_MOUNT_OPTIONS, "mode=755" TMPFS_LIMITS_PRIVATE_DEV);
         if (r < 0)
                 goto fail;
 
diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
index 60cb007baa9..d5af73a3cda 100644
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -581,7 +581,7 @@ int mount_all(const char *dest,
                   MOUNT_FATAL|MOUNT_APPLY_APIVFS_RO|MOUNT_MKDIR },    /* skipped if above was mounted */
                 { "sysfs",                  "/sys",                         "sysfs", NULL,                             MS_NOSUID|MS_NOEXEC|MS_NODEV,
                   MOUNT_FATAL|MOUNT_MKDIR },                          /* skipped if above was mounted */
-                { "tmpfs",                  "/dev",                         "tmpfs", "mode=755" TMPFS_LIMITS_DEV,      MS_NOSUID|MS_STRICTATIME,
+                { "tmpfs",                  "/dev",                         "tmpfs", "mode=755" TMPFS_LIMITS_PRIVATE_DEV, MS_NOSUID|MS_STRICTATIME,
                   MOUNT_FATAL|MOUNT_MKDIR },
                 { "tmpfs",                  "/dev/shm",                     "tmpfs", "mode=1777" NESTED_TMPFS_LIMITS,  MS_NOSUID|MS_NODEV|MS_STRICTATIME,
                   MOUNT_FATAL|MOUNT_MKDIR },
diff --git a/src/shared/mount-util.h b/src/shared/mount-util.h
index 960d586ba99..1797b8803c6 100644
--- a/src/shared/mount-util.h
+++ b/src/shared/mount-util.h
@@ -11,9 +11,15 @@
 #include "errno-util.h"
 #include "macro.h"
 
-/* 4MB for contents of regular files, 1m inodes for directories, symbolic links and device nodes, using
- * large storage array systems as a baseline */
-#define TMPFS_LIMITS_DEV             ",size=4m,nr_inodes=1m"
+/* The limit used for /dev itself. 4MB should be enough since device nodes and symlinks don't
+ * consume any space and udev isn't supposed to create regular file either. There's no limit on the
+ * max number of inodes since such limit is hard to guess especially on large storage array
+ * systems. */
+#define TMPFS_LIMITS_DEV             ",size=4m"
+
+/* The limit used for /dev in private namespaces. 4MB for contents of regular files. The number of
+ * inodes should be relatively low in private namespaces but for now use a 64k limit. */
+#define TMPFS_LIMITS_PRIVATE_DEV     ",size=4m,nr_inodes=64k"
 
 /* Very little, if any use expected */
 #define TMPFS_LIMITS_EMPTY_OR_ALMOST ",size=4m,nr_inodes=1k"