execute: don't honour PrivateNetwork() if we lack CAP_NET_ADMIN
Somehow the Linux kernel allows us to allocate a network namespace if we
possess CAP_SYS_ADMIN but doesn't allow us to configure it, unless we
also have CAP_NET_ADMIN.
Taking that into consideration let's avoid allocating a network
namespace we cannot even configure "lo" in.
This is common case if nspawn is invoked without userns and without
netns, because in that case it will have CAP_SYS_ADMIN but no
CAP_NET_ADMIN.
This also takes down a notch the messages about the automatic
downgrading. These have been LOG_WARNING so far, and I downgraded them
to LOG_NOTICE, since in an environment where CAP_NET_ADMIN is not
available this is really not something to be concerned about, but still
noticable. With that it's still more priorized than regular LOG_INFO.
projects / thirdparty / systemd.git / commit
