Without this patch, it is not possible to allocate PTYs when a generated
rootfs image with a recent glibc and systemd is launched as a container on
an RHEL7 system via machinectl/systemd-nspawn. The container boots, but
`machinectl login mycontainer` fails. The culprit is /dev/pts/ptmx with
0000 perms.

On a typical system, there are two `ptmx` devices. One is provided by the
devpts at /dev/pts/ptmx and it is typically not directly accessed from
userspace. The other one which actually *is* opened by processes is
/dev/ptmx. Kernel's documentation says these days that /dev/ptmx should be
either a symlink, or a bind mount of the /dev/pts/ptmx from devpts.

When a container is launched via machinectl/machined/systemd-nspawn, the
container manager prepares a root filesystem so that the container can live
in an appropriate namespace (this is similar to what initramfs is doing on
x86 desktops). During these preparations, systemd-nspawn mounts a devpts
instance using a correct ptmxmode=0666 within the container-to-be's
/dev/pts, and it adds a compatibility symlink at /dev/ptmx. However, once
systemd takes over as an init in the container,
/lib/systemd/systemd-remount-fs applies mount options from /etc/fstab to
all filesystems. Because the buildroot's template used to not include the
ptmxmode=... option, a default value of 0000 was taking effect which in
turn led to not being able to allocate any pseudo-terminals.

The relevant kernel option was introduced upstream in commit 1f8f1e29 back
in 2009. The oldest linux-headers referenced from buildroot's config is
3.0, and that version definitely has that commit. Mount options that are
not understood by the system are anyway ignored, so backward
compatibility is preserved.

Signed-off-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: fix commit title, adjust commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Making /var/run and /run symlinks to /tmp is bad since the underlying
tmpfs filesystem is mode 1777 which leads to possible security attack
vectors via badly owned/mask-mode pidfiles and state files residing there.
So make /run a proper directory with /var/run symlinked to it.
Eventually all startup scripts and state info should be pointed to /run
directly as per the linux fhs and good practice.

Add a tmpfs filesystem entry for /run so that busybox inittab, systemv
inittab and systemd automount mounts it there to avoid breaking the
system.

While at it fix inconsistent spacing in /etc/fstab by using tabs and
drop the "static file system information" header whatever that means.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

ramfs (which is used instead of tmpfs if CONFIG_SHMEM isn't enabled in the
kernel configuration), defaults to mode 0755 instead of 01777 like tmpfs
uses.

/tmp should be world writable and sticky, so explicitly enforce the mode so
ramfs users get it correct instead of relying on the defaults.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

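The two defaults the first and third commits above fix (devpts without ptmxmode, /tmp without an explicit 1777 mode) as a small fstab audit; this is an added example, not buildroot's own code, and the sample fstab and the fixed lines are constructed here.

```python
# Added example (not buildroot code): audit an fstab for a devpts mount
# without an explicit ptmxmode (the kernel default of 0000 leaves
# /dev/pts/ptmx unopenable after systemd-remount-fs re-applies options)
# and a tmpfs/ramfs on /tmp without mode=1777 (ramfs defaults to 0755).

# Constructed sample in the buildroot skeleton style (tab separated),
# with both weak entries present.
SAMPLE_FSTAB = """\
# <file system>\t<mount pt>\t<type>\t<options>\t<dump>\t<pass>
/dev/root\t/\text2\trw,noauto\t0\t1
proc\t/proc\tproc\tdefaults\t0\t0
devpts\t/dev/pts\tdevpts\tdefaults,gid=5,mode=620\t0\t0
tmpfs\t/dev/shm\ttmpfs\tmode=0777\t0\t0
tmpfs\t/tmp\ttmpfs\tdefaults\t0\t0
tmpfs\t/run\ttmpfs\tmode=0755,nosuid,nodev\t0\t0
"""

# Corrected versions of the two lines, as the commits above describe them.
FIXED_LINES = (
    "devpts\t/dev/pts\tdevpts\tdefaults,gid=5,mode=620,ptmxmode=0666\t0\t0\n"
    "tmpfs\t/tmp\ttmpfs\tmode=1777\t0\t0\n"
)

def parse_fstab(text):
    """Return (fs, mountpoint, fstype, {option: value}) per data line."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#") or len(fields) < 4:
            continue
        fs, mnt, fstype, opts = fields[:4]
        # Flag-style options such as "defaults" get an empty value.
        options = dict(opt.partition("=")[::2] for opt in opts.split(","))
        entries.append((fs, mnt, fstype, options))
    return entries

def audit_fstab(text):
    """Return one finding per entry that relies on an unsafe kernel default."""
    findings = []
    for fs, mnt, fstype, opts in parse_fstab(text):
        if fstype == "devpts" and opts.get("ptmxmode") != "0666":
            findings.append(f"{mnt}: devpts lacks ptmxmode=0666 (default 0000)")
        if mnt == "/tmp" and fstype in ("tmpfs", "ramfs") \
                and opts.get("mode") not in ("1777", "01777"):
            findings.append(f"{mnt}: {fstype} lacks explicit mode=1777")
    return findings
```

Running `audit_fstab(SAMPLE_FSTAB)` reports both weak entries, while `audit_fstab(FIXED_LINES)` returns an empty list.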
This directory groups the following elements:
* the default root filesystem skeleton
* the default device tables
* the Config.in options for system configuration (UART port for
getty, system hostname, etc.)
* the make rules to apply the system configuration options

Even though the skeleton and device tables could have lived in fs/, it
would have been strange to have the UART, system hostname and other
related options in fs/. A new system/ directory makes more sense.
As a consequence, this patch also removes target/Makefile.in, which
has become useless in the process.

[Peter: fixup TARGET_SKELETON settings / documentation to match]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Yann E. MORIN <yann.morin.1998@free.fr>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>