author | Alan Jenkins <alan.christopher.jenkins@gmail.com> | 2018-01-18 12:07:31 +0000 |
---|---|---|
committer | Sven Eden <yamakuzure@gmx.net> | 2018-05-30 07:50:11 +0200 |
commit | 59c2515f2ea238d2712b25229e43fe176139a3bb (patch) | |
tree | b9bf2ecea10515ef6ea330dee56d08c96438c4a3 /src/core/cgroup.c | |
parent | 6290a1dcc0ab66c4ef6548979be8ccb394b84415 (diff) |
core: un-break PrivateDevices= by allowing it to mknod /dev/ptmx

#7886 caused PrivateDevices= to silently fail-open.
https://github.com/systemd/systemd/pull/7886#issuecomment-358542849

Allow PrivateDevices= to succeed, in creating /dev/ptmx, even though
DeviceControl=closed applies.

No specific justification was given for blocking mknod of /dev/ptmx. Only
that we didn't seem to need it, because we weren't creating it correctly as
a device node.

Diffstat (limited to 'src/core/cgroup.c')
-rw-r--r-- | src/core/cgroup.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 161ea7dc8..cc0b7b167 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -979,7 +979,7 @@ static void cgroup_context_apply( "/dev/random\0" "rwm\0" "/dev/urandom\0" "rwm\0" "/dev/tty\0" "rwm\0" - "/dev/pts/ptmx\0" "rw\0" /* /dev/pts/ptmx may not be duplicated, but accessed */ + "/dev/ptmx\0" "rwm\0" /* Allow /run/systemd/inaccessible/{chr,blk} devices for mapping InaccessiblePaths */ "-/run/systemd/inaccessible/chr\0" "rwm\0" "-/run/systemd/inaccessible/blk\0" "rwm\0"; @@ -989,6 +989,7 @@ static void cgroup_context_apply( NULSTR_FOREACH_PAIR(x, y, auto_devices) whitelist_device(path, x, y); + /* PTS (/dev/pts) devices may not be duplicated, but accessed */ whitelist_major(path, "pts", 'c', "rw"); } |
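Review bot: In the first hunk (@@ -979,7 +979,7), the new `"/dev/ptmx\0" "rwm\0"` entry carries no comment, while the line it replaces documented why its permissions were limited to "rw". Since this entry widens the automatic whitelist by adding 'm', the reason belongs next to it in the code and not only in the commit message. Something like `/* PrivateDevices= must be able to mknod /dev/ptmx */` on that line would keep a later cleanup from tightening it again and re-breaking PrivateDevices=. It would also help to state whether dropping the explicit `/dev/pts/ptmx` entry is intentional, so readers do not have to infer that access through that path is still permitted.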
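Review bot: In the second hunk (@@ -989,6 +989,7), the added comment `/* PTS (/dev/pts) devices may not be duplicated, but accessed */` is hard to parse, and "duplicated" does not obviously map to the missing 'm' in `whitelist_major(path, "pts", 'c', "rw")`. Consider wording it in terms of the permission string, for example "pts devices may be opened for read/write but not created with mknod, hence "rw" without 'm'", so the contrast with the "rwm" entries in auto_devices is explicit.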