From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 13 Nov 2024 04:36:11 +0000 (+0900)
Subject: nspawn: ignore failure in creating /dev/net/tun when --private-network is unspecified
X-Git-Tag: v256.8~2
X-Git-Url: http://git-history.diyao.me/?a=commitdiff_plain;h=04ee5e25a1082d4c6c0c52a154d5ad5fc959a853;p=systemd%2F.git

nspawn: ignore failure in creating /dev/net/tun when --private-network is unspecified

Follow-up for efedb6b0f3cff37950112fd37cb750c16d599bc7.
Closes #35116.

(cherry picked from commit 985ea98e7f90c92fcc0b8441fafb190353d2feb8)
Really rewritten from scratch.
---

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 85a98e6b9f..d1bc827ce9 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2183,6 +2183,7 @@ static int copy_devnodes(const char *dest) {
         NULSTR_FOREACH(d, devnodes) {
                 _cleanup_free_ char *from = NULL, *to = NULL;
                 struct stat st;
+                bool ignore_mknod_failure = streq(d, "net/tun");
 
                 from = path_join("/dev/", d);
                 if (!from)
@@ -2207,16 +2208,31 @@ static int copy_devnodes(const char *dest) {
                                 /* Explicitly warn the user when /dev is already populated. */
                                 if (errno == EEXIST)
                                         log_notice("%s/dev/ is pre-mounted and pre-populated. If a pre-mounted /dev/ is provided it needs to be an unpopulated file system.", dest);
-                                if (!ERRNO_IS_PRIVILEGE(errno) || arg_uid_shift != 0)
+                                if (!ERRNO_IS_PRIVILEGE(errno) || arg_uid_shift != 0) {
+                                        if (ignore_mknod_failure) {
+                                                log_debug_errno(r, "mknod(%s) failed, ignoring: %m", to);
+                                                return 0;
+                                        }
                                         return log_error_errno(errno, "mknod(%s) failed: %m", to);
+                                }
 
                                 /* Some systems abusively restrict mknod but allow bind mounts. */
                                 r = touch(to);
-                                if (r < 0)
+                                if (r < 0) {
+                                        if (ignore_mknod_failure) {
+                                                log_debug_errno(r, "touch (%s) failed, ignoring: %m", to);
+                                                return 0;
+                                        }
                                         return log_error_errno(r, "touch (%s) failed: %m", to);
+                                }
                                 r = mount_nofollow_verbose(LOG_DEBUG, from, to, NULL, MS_BIND, NULL);
-                                if (r < 0)
+                                if (r < 0) {
+                                        if (ignore_mknod_failure) {
+                                                log_debug_errno(r, "Both mknod and bind mount (%s) failed, ignoring: %m", to);
+                                                return 0;
+                                        }
                                         return log_error_errno(r, "Both mknod and bind mount (%s) failed: %m", to);
+                                }
                         } else {
                                 r = userns_lchown(to, 0, 0);
                                 if (r < 0)