From 414b304ba2ffabf85057b133e7aa0573f0cbd029 Mon Sep 17 00:00:00 2001
From: =?utf8?q?=D0=94=D0=B0=D0=BC=D1=98=D0=B0=D0=BD=20=D0=93=D0=B5=D0=BE?=
 =?utf8?q?=D1=80=D0=B3=D0=B8=D0=B5=D0=B2=D1=81=D0=BA=D0=B8?=
 <gdamjan@gmail.com>
Date: Tue, 16 Jan 2018 21:50:36 +0100
Subject: [PATCH] namespace: only make the symlink /dev/ptmx if it was already
 a symlink
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

…otherwise try to clone it as a device node

On most contemporary distros /dev/ptmx is a device node, and
/dev/pts/ptmx has 000 inaccessible permissions. In those cases
the symlink /dev/ptmx -> /dev/pts/ptmx breaks the pseudo tty support.

In that case we better clone the device node.

OTOH, in nspawn containers (and possibly others), /dev/pts/ptmx has
normal permissions, and /dev/ptmx is a symlink. In that case make the
same symlink.

fixes #7878
---
 src/core/namespace.c | 27 +++++++++++++++++++++------
 1 file changed, 21 insertions(+), 6 deletions(-)

diff --git a/src/core/namespace.c b/src/core/namespace.c
index d5b050f..d6c1b1b 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -496,14 +496,12 @@ static void drop_outside_root(const char *root_directory, MountEntry *m, unsigne
         *n = t - m;
 }
 
-static int clone_device_node(const char *d, const char *temporary_mount)
-{
+static int clone_device_node(const char *d, const char *temporary_mount) {
         _cleanup_free_ char *dn = NULL;
         struct stat st;
         int r;
 
-        r = stat(d, &st);
-        if (r < 0) {
+        if (stat(d, &st) < 0) {
                 if (errno == ENOENT)
                         return 0;
                 return -errno;
@@ -542,6 +540,7 @@ static int mount_private_dev(MountEntry *m) {
         char temporary_mount[] = "/tmp/namespace-dev-XXXXXX";
         const char *d, *dev = NULL, *devpts = NULL, *devshm = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL;
         _cleanup_umask_ mode_t u;
+        struct stat st;
         int r;
 
         assert(m);
@@ -565,11 +564,27 @@ static int mount_private_dev(MountEntry *m) {
                 goto fail;
         }
 
-        devptmx = strjoina(temporary_mount, "/dev/ptmx");
-        if (symlink("pts/ptmx", devptmx) < 0) {
+        /* /dev/ptmx can either be a device node or a symlink to /dev/pts/ptmx
+         * when /dev/ptmx a device node, /dev/pts/ptmx has 000 permissions making it inaccessible
+         * thus, in that case make a clone
+         *
+         * in nspawn and other containers it will be a symlink, in that case make it a symlink
+         */
+        if (lstat("/dev/ptmx", &st) < 0) {
                 r = -errno;
                 goto fail;
         }
+        if (S_ISLNK(st.st_mode)) {
+                devptmx = strjoina(temporary_mount, "/dev/ptmx");
+                if (symlink("pts/ptmx", devptmx) < 0) {
+                        r = -errno;
+                        goto fail;
+                }
+        } else {
+                r = clone_device_node("/dev/ptmx", temporary_mount);
+                if (r < 0)
+                        goto fail;
+        }
 
         devshm = strjoina(temporary_mount, "/dev/shm");
         (void) mkdir(devshm, 01777);
-- 
2.7.4