From 25dbf586b20e7418ed06857a3cad8dac630a6123 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Mon, 18 Aug 2025 23:18:34 +0200
Subject: [PATCH] importd: downgrade log message about bound capability set dropping + netns

An unprivileged process cannot reduce its own capability bounding set, hence, while it is nice to reduce the set, let's not log about it loudly, in case we are invoked unpriv (which we explicity support these days after all). An unpriv process also cannot detach from its netns, hence also downgrade the warning to a debug message.
---
 src/import/import-common.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/import/import-common.c b/src/import/import-common.c
index d8fd6e39825..f3d70c6f0fe 100644
--- a/src/import/import-common.c
+++ b/src/import/import-common.c
@@ -72,11 +72,11 @@ int import_fork_tar_x(int tree_fd, int userns_fd, PidRef *ret_pid) {
 }
 if (unshare(CLONE_NEWNET) < 0)
- log_warning_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");
+ log_debug_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");
 r = capability_bounding_set_drop(retain, true);
 if (r < 0)
- log_warning_errno(r, "Failed to drop capabilities, ignoring: %m");
+ log_debug_errno(r, "Failed to drop capabilities, ignoring: %m");
 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
 log_warning_errno(errno, "Failed to enable PR_SET_NO_NEW_PRIVS, ignoring: %m");
--
2.47.3
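Review bot: With both messages unconditionally at debug level, a privileged run in which `unshare(CLONE_NEWNET)` or `capability_bounding_set_drop()` fails for a reason other than missing privilege now leaves tar with network access or its full bounding set, and nothing is visible at the default log level. Consider lowering the level only for permission errors, e.g. `log_full_errno(ERRNO_IS_PRIVILEGE(errno) ? LOG_DEBUG : LOG_WARNING, errno, "Failed to lock tar into network namespace, ignoring: %m");` and the analogous form with `r` for the capability drop. This assumes an unprivileged caller gets EPERM or EACCES from both calls, which the hunk itself does not show. The body of import_fork_tar_x starts and ends outside the hunk, so whether a later step reports the reduced sandboxing cannot be seen from here.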