From: Lennart Poettering
Date: Wed, 15 Jan 2025 22:18:39 +0000 (+0100)
Subject: namespace-util: don't reset UID/GIDs in namespace_enter() unless we enter a userns
X-Git-Tag: v258-rc1~1582
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=39706728e191a588bbf79ff388e8876ef38d0856;p=thirdparty%2Fsystemd.git

namespace-util: don't reset UID/GIDs in namespace_enter() unless we enter a userns

The reset of UID/GID only really makes sense if we enter a userns, hence let's restrict it to that.
---
diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c index 060c540f8af..36ebda9ba47 100644 --- a/src/basic/namespace-util.c +++ b/src/basic/namespace-util.c @@ -247,7 +247,10 @@ int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int userns_fd, int return -errno; } - return reset_uid_gid(); + if (userns_fd >= 0) + return reset_uid_gid(); + + return 0; } int fd_is_namespace(int fd, NamespaceType type) { @@ -768,4 +771,3 @@ int netns_acquire(void) { return pidref_namespace_open_by_type(&pid, NAMESPACE_NET); } -
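Review bot: The new `if (userns_fd >= 0)` guard at the end of namespace_enter() changes the function's contract without documenting it: callers that pass a negative userns_fd now return 0 with their UID/GIDs untouched, where before they always went through reset_uid_gid(). Please add a short comment above the guard saying why the reset is tied to entering a userns, and confirm in the commit message that no existing caller without a userns relied on the implicit reset, since such a caller would now continue in the joined namespaces with the credentials it had on entry.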
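Review bot: The blank-line removal after netns_acquire() in the second hunk is unrelated to the UID/GID change; consider moving it to a separate cleanup commit so this one stays limited to the behavioural change.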