if (context->dynamic_user &&
!IN_SET(type, EXEC_DIRECTORY_RUNTIME, EXEC_DIRECTORY_CONFIGURATION)) {
- _cleanup_free_ char *private_root = NULL, *relative = NULL, *parent = NULL;
+ _cleanup_free_ char *private_root = NULL;
/* So, here's one extra complication when dealing with DynamicUser=1 units. In that case we
* want to avoid leaving a directory around fully accessible that is owned by a dynamic user
goto fail;
}
- parent = dirname_malloc(p);
- if (!parent) {
- r = -ENOMEM;
- goto fail;
- }
-
- r = path_make_relative(parent, pp, &relative);
- if (r < 0)
- goto fail;
-
/* And link it up from the original place */
- r = symlink_idempotent(relative, p);
+ r = symlink_idempotent(pp, p, true);
if (r < 0)
goto fail;
* that with a special, recognizable error ENOANO. In this case, silently proceeed, but only if exclusively
* sandboxing options were used, i.e. nothing such as RootDirectory= or BindMount= that would result in a
* completely different execution environment. */
- if (r == -ENOANO &&
- n_bind_mounts == 0 && context->n_temporary_filesystems == 0 &&
- !root_dir && !root_image &&
- !context->dynamic_user) {
- log_unit_debug(u, "Failed to set up namespace, assuming containerized execution and ignoring.");
- return 0;
+ if (r == -ENOANO) {
+ if (n_bind_mounts == 0 &&
+ context->n_temporary_filesystems == 0 &&
+ !root_dir && !root_image &&
+ !context->dynamic_user) {
+ log_unit_debug(u, "Failed to set up namespace, assuming containerized execution and ignoring.");
+ return 0;
+ }
+
+ return -EOPNOTSUPP;
}
return r;