importd: downgrade log message about bound capability set dropping + netns 39322/head
authorLennart Poettering <lennart@poettering.net>
Mon, 18 Aug 2025 21:18:34 +0000 (23:18 +0200)
committerLennart Poettering <lennart@poettering.net>
Tue, 21 Oct 2025 21:09:50 +0000 (23:09 +0200)
An unprivileged process cannot reduce its own capability bounding set,
hence, while it is nice to reduce the set, let's not log about it
loudly, in case we are invoked unpriv (which we explicitly support these
days after all).

An unpriv process also cannot detach from its netns, hence also
downgrade the warning to a debug message.

src/import/import-common.c

index d8fd6e398256ac70b4ae573af32b33032130d2df..f3d70c6f0fefa23e3b841e5c9e486df40bfebe09 100644 (file)
@@ -72,11 +72,11 @@ int import_fork_tar_x(int tree_fd, int userns_fd, PidRef *ret_pid) {
                 }
 
                 if (unshare(CLONE_NEWNET) < 0)
-                        log_warning_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");
+                        log_debug_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");
 
                 r = capability_bounding_set_drop(retain, true);
                 if (r < 0)
-                        log_warning_errno(r, "Failed to drop capabilities, ignoring: %m");
+                        log_debug_errno(r, "Failed to drop capabilities, ignoring: %m");
 
                 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
                         log_warning_errno(errno, "Failed to enable PR_SET_NO_NEW_PRIVS, ignoring: %m");
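Review bot: Both downgrades in import_fork_tar_x() are unconditional, so a privileged run in which `unshare(CLONE_NEWNET)` or `capability_bounding_set_drop()` fails for a reason other than missing privilege now lets tar continue without that confinement, and nothing is reported at the default log level. Consider keeping the warning except in the expected unprivileged case, e.g. `log_full_errno(ERRNO_IS_PRIVILEGE(errno) ? LOG_DEBUG : LOG_WARNING, errno, "Failed to lock tar into network namespace, ignoring: %m");`, with the same pattern on `r` for the capability drop. Whether errno-util.h is already included cannot be seen from this hunk, and the function body starts and ends outside it. A short comment above the two calls, such as `/* Best-effort sandboxing: expected to fail with EPERM when invoked unprivileged */`, would also record why these failures are tolerated.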