diff options
Diffstat (limited to 'src/core/mount-setup.c')
-rw-r--r-- | src/core/mount-setup.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c index eda2328f0..d98507db1 100644 --- a/src/core/mount-setup.c +++ b/src/core/mount-setup.c @@ -477,14 +477,20 @@ int mount_setup(bool loaded_policy) { (void) mkdir_label("/run/systemd/system", 0755); #endif // 0 - /* Set up inaccessible items */ + /* Set up inaccessible (and empty) file nodes of all types */ (void) mkdir_label("/run/systemd/inaccessible", 0000); (void) mknod("/run/systemd/inaccessible/reg", S_IFREG | 0000, 0); (void) mkdir_label("/run/systemd/inaccessible/dir", 0000); - (void) mknod("/run/systemd/inaccessible/chr", S_IFCHR | 0000, makedev(0, 0)); - (void) mknod("/run/systemd/inaccessible/blk", S_IFBLK | 0000, makedev(0, 0)); (void) mkfifo("/run/systemd/inaccessible/fifo", 0000); (void) mknod("/run/systemd/inaccessible/sock", S_IFSOCK | 0000, 0); + /* The following two are likely to fail if we lack the privs for it (for example in an userns environment, if + * CAP_SYS_MKNOD is missing, or if a device node policy prohibit major/minor of 0 device nodes to be + * created). But that's entirely fine. Consumers of these files should carry fallback to use a different node + * then, for example /run/systemd/inaccessible/sock, which is close enough in behaviour and semantics for most + * uses. */ + (void) mknod("/run/systemd/inaccessible/chr", S_IFCHR | 0000, makedev(0, 0)); + (void) mknod("/run/systemd/inaccessible/blk", S_IFBLK | 0000, makedev(0, 0)); + return 0; } |