From: Aleksandr Mezin <mezin.alexander@gmail.com>
Date: Mon, 22 Sep 2025 10:59:38 +0000 (+0300)
Subject: nspawn: don't try to connect to D-Bus when it's not necessary (#39045)
X-Git-Tag: v259-rc1~473
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c3d5f5f165ce7ccf8d57c4272c39d83a08279db7;p=thirdparty%2Fsystemd.git

nspawn: don't try to connect to D-Bus when it's not necessary (#39045)

`runtime_bus` is only used if `!arg_keep_unit`.

`system_bus` is additionally used if `arg_register`.

So for `!arg_register && arg_keep_unit`, none of them should be
necessary, and nspawn should be able to work without any D-Bus
connections.

Fixes https://github.com/systemd/systemd/issues/39044

Follow-up for f2f26f1527529b1ea7dcb0dba85456ac98800627
---

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 88187a906e6..c392c22916c 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -5384,7 +5384,7 @@ static int run_container(
 
         /* Registration always happens on the system bus */
         _cleanup_(sd_bus_flush_close_unrefp) sd_bus *system_bus = NULL;
-        if (arg_register || arg_privileged) {
+        if (arg_register || (arg_privileged && !arg_keep_unit)) {
                 r = sd_bus_default_system(&system_bus);
                 if (r < 0)
                         return log_error_errno(r, "Failed to open system bus: %m");
@@ -5399,21 +5399,21 @@ static int run_container(
         /* Scope allocation happens on the user bus if we are unpriv, otherwise system bus. */
         _cleanup_(sd_bus_flush_close_unrefp) sd_bus *user_bus = NULL;
         _cleanup_(sd_bus_unrefp) sd_bus *runtime_bus = NULL;
-        if (arg_privileged)
-                runtime_bus = sd_bus_ref(system_bus);
-        else {
-                r = sd_bus_default_user(&user_bus);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to open user bus: %m");
+        if (!arg_keep_unit) {
+                if (arg_privileged)
+                        runtime_bus = sd_bus_ref(system_bus);
+                else {
+                        r = sd_bus_default_user(&user_bus);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to open user bus: %m");
 
-                r = sd_bus_set_close_on_exit(user_bus, false);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to disable close-on-exit behaviour: %m");
+                        r = sd_bus_set_close_on_exit(user_bus, false);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to disable close-on-exit behaviour: %m");
 
-                runtime_bus = sd_bus_ref(user_bus);
-        }
+                        runtime_bus = sd_bus_ref(user_bus);
+                }
 
-        if (!arg_keep_unit) {
                 /* When a new scope is created for this container, then we'll be registered as its controller, in which
                  * case PID 1 will send us a friendly RequestStop signal, when it is asked to terminate the
                  * scope. Let's hook into that, and cleanly shut down the container, and print a friendly message. */