nspawn: change owner/group of /run/systemd/nspawn/notify to userns-root

Fixes #4944

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 78ae2f4a0fefa9614f9631c7aa4913de3e4eecbf..532be148a6a021056d9b26bcd646a2cf12d691fb 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2363,6 +2363,12 @@ static int setup_sd_notify_child(void) {
                 return log_error_errno(errno, "bind(%s) failed: %m", sa.un.sun_path);
         }
 
+        r = userns_lchown(NSPAWN_NOTIFY_SOCKET_PATH, 0, 0);
+        if (r < 0) {
+                safe_close(fd);
+                return log_error_errno(r, "Failed to chown " NSPAWN_NOTIFY_SOCKET_PATH ": %m");
+        }
+
         r = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &one, sizeof(one));
         if (r < 0) {
                 safe_close(fd);