+ /* Try to apply a UID shift, so that the directory is actually owned by "nobody", and is only mapped
+ * to the proper UID while active. — Well, that's at least the theory. Unfortunately, only btrfs does
+ * per-subvolume quota. The others do per-uid quota. Which means mapping all home directories to the
+ * same UID of "nobody" makes quota impossible. Hence unless we actually managed to create a btrfs
+ * subvolume for this user we'll map the user's UID to itself. Now you might ask: why bother mapping
+ * at all? It's because we want to restrict the UIDs used on the home directory: we leave all other
+ * UIDs of the homed UID range unmapped, thus making them unavailable to programs accessing the
+ * mount. */
+ r = home_shift_uid(setup->root_fd, HOME_RUNTIME_WORK_DIR, is_subvolume ? UID_NOBODY : h->uid, h->uid, &mount_fd);
+ if (r > 0)
+ setup->undo_mount = true; /* If uidmaps worked we have a mount to undo again */
+
+ if (mount_fd >= 0) {
+ /* If we have established a new mount, then we can use that as new root fd to our home directory. */
+ safe_close(setup->root_fd);
+
+ setup->root_fd = fd_reopen(mount_fd, O_RDONLY|O_CLOEXEC|O_DIRECTORY);
+ if (setup->root_fd < 0)
+ return log_error_errno(setup->root_fd, "Unable to convert mount fd into proper directory fd: %m");
+
+ mount_fd = safe_close(mount_fd);
+ }
+