summaryrefslogtreecommitdiff
path: root/src/nspawn/nspawn-oci.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/nspawn/nspawn-oci.c')
-rw-r--r--src/nspawn/nspawn-oci.c33
1 files changed, 17 insertions, 16 deletions
diff --git a/src/nspawn/nspawn-oci.c b/src/nspawn/nspawn-oci.c
index 3c6bfd3eaf..5e21538597 100644
--- a/src/nspawn/nspawn-oci.c
+++ b/src/nspawn/nspawn-oci.c
@@ -605,7 +605,7 @@ static int oci_namespace_type(const char *name, JsonVariant *v, JsonDispatchFlag
*nsflags = CLONE_NEWCGROUP;
else
return json_log(v, flags, SYNTHETIC_ERRNO(EINVAL),
- "Unknown cgroup type, refusing: %s", n);
+ "Unknown namespace type, refusing: %s", n);
return 0;
}
@@ -663,7 +663,7 @@ static int oci_namespaces(const char *name, JsonVariant *v, JsonDispatchFlags fl
if (!FLAGS_SET(n, CLONE_NEWNS))
return json_log(v, flags, SYNTHETIC_ERRNO(EOPNOTSUPP),
- "Containers without file system namespace aren't supported.");
+ "Containers without a mount namespace aren't supported.");
s->private_network = FLAGS_SET(n, CLONE_NEWNET);
s->userns_mode = FLAGS_SET(n, CLONE_NEWUSER) ? USER_NAMESPACE_FIXED : USER_NAMESPACE_NO;
@@ -819,7 +819,7 @@ static int oci_device_file_mode(const char *name, JsonVariant *v, JsonDispatchFl
return json_log(v, flags, SYNTHETIC_ERRNO(ERANGE),
"fileMode out of range, refusing.");
- *mode = m;
+ *mode = (*mode & ~07777) | m;
return 0;
}
@@ -874,7 +874,7 @@ static int oci_devices(const char *name, JsonVariant *v, JsonDispatchFlags flags
/* Suppress a couple of implicit device nodes */
r = devname_from_devnum(node->mode, makedev(node->major, node->minor), &path);
if (r < 0)
- json_log(e, flags|JSON_DEBUG, 0, "Failed to resolve device node %u:%u, ignoring: %m", node->major, node->minor);
+ json_log(e, flags|JSON_DEBUG, r, "Failed to resolve device node %u:%u, ignoring: %m", node->major, node->minor);
else {
if (PATH_IN_SET(path,
"/dev/null",
@@ -1177,13 +1177,13 @@ static int oci_cgroup_memory(const char *name, JsonVariant *v, JsonDispatchFlags
};
static const JsonDispatch table[] = {
- { "limit", JSON_VARIANT_NUMBER, oci_cgroup_memory_limit, offsetof(struct memory_data, limit), 0 },
- { "reservation", JSON_VARIANT_NUMBER, oci_cgroup_memory_limit, offsetof(struct memory_data, reservation), 0 },
- { "swap", JSON_VARIANT_NUMBER, oci_cgroup_memory_limit, offsetof(struct memory_data, swap), 0 },
- { "kernel", JSON_VARIANT_NUMBER, oci_unsupported, 0, JSON_PERMISSIVE },
- { "kernelTCP", JSON_VARIANT_NUMBER, oci_unsupported, 0, JSON_PERMISSIVE },
- { "swapiness", JSON_VARIANT_NUMBER, oci_unsupported, 0, JSON_PERMISSIVE },
- { "disableOOMKiller", JSON_VARIANT_NUMBER, oci_unsupported, 0, JSON_PERMISSIVE },
+ { "limit", JSON_VARIANT_NUMBER, oci_cgroup_memory_limit, offsetof(struct memory_data, limit), 0 },
+ { "reservation", JSON_VARIANT_NUMBER, oci_cgroup_memory_limit, offsetof(struct memory_data, reservation), 0 },
+ { "swap", JSON_VARIANT_NUMBER, oci_cgroup_memory_limit, offsetof(struct memory_data, swap), 0 },
+ { "kernel", JSON_VARIANT_NUMBER, oci_unsupported, 0, JSON_PERMISSIVE },
+ { "kernelTCP", JSON_VARIANT_NUMBER, oci_unsupported, 0, JSON_PERMISSIVE },
+ { "swapiness", JSON_VARIANT_NUMBER, oci_unsupported, 0, JSON_PERMISSIVE },
+ { "disableOOMKiller", JSON_VARIANT_BOOLEAN, oci_unsupported, 0, JSON_PERMISSIVE },
{}
};
@@ -1589,7 +1589,7 @@ static int oci_sysctl(const char *name, JsonVariant *v, JsonDispatchFlags flags,
assert_se(m = json_variant_string(w));
- if (sysctl_key_valid(k))
+ if (!sysctl_key_valid(k))
return json_log(v, flags, SYNTHETIC_ERRNO(EINVAL),
"sysctl key invalid, refusing: %s", k);
@@ -1829,6 +1829,7 @@ static int oci_seccomp_syscalls(const char *name, JsonVariant *v, JsonDispatchFl
{ "names", JSON_VARIANT_ARRAY, json_dispatch_strv, offsetof(struct syscall_rule, names), JSON_MANDATORY },
{ "action", JSON_VARIANT_STRING, oci_seccomp_action, offsetof(struct syscall_rule, action), JSON_MANDATORY },
{ "args", JSON_VARIANT_ARRAY, oci_seccomp_args, 0, 0 },
+ {}
};
struct syscall_rule rule = {
.action = UINT32_MAX,
@@ -2083,7 +2084,7 @@ static int oci_hooks_array(const char *name, JsonVariant *v, JsonDispatchFlags f
.timeout = USEC_INFINITY,
};
- r = json_dispatch(e, table, oci_unexpected, flags, userdata);
+ r = json_dispatch(e, table, oci_unexpected, flags, new_item);
if (r < 0) {
free(new_item->path);
strv_free(new_item->args);
@@ -2100,9 +2101,9 @@ static int oci_hooks_array(const char *name, JsonVariant *v, JsonDispatchFlags f
static int oci_hooks(const char *name, JsonVariant *v, JsonDispatchFlags flags, void *userdata) {
static const JsonDispatch table[] = {
- { "prestart", JSON_VARIANT_OBJECT, oci_hooks_array, 0, 0 },
- { "poststart", JSON_VARIANT_OBJECT, oci_hooks_array, 0, 0 },
- { "poststop", JSON_VARIANT_OBJECT, oci_hooks_array, 0, 0 },
+ { "prestart", JSON_VARIANT_ARRAY, oci_hooks_array, 0, 0 },
+ { "poststart", JSON_VARIANT_ARRAY, oci_hooks_array, 0, 0 },
+ { "poststop", JSON_VARIANT_ARRAY, oci_hooks_array, 0, 0 },
{}
};
View Lorry Controller Status