nspawn: permit --ephemeral with --link-journal=try-* (treat as =no)

Common sense says that to "try" something means "to not fail if
something turns out not to be possible", thus do not make this
combination a hard error.

The actual implementation ignores any --link-journal= setting when
--ephemeral is in effect, so the semantics are upheld.

diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index 59b2c1a2d0bb073b9eeb6ac214c557717cfeda0b..dc4a69f729fb6c0d2ded48440743780ddd4ac482 100644 (file)
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -1439,7 +1439,8 @@ After=sys-subsystem-net-devices-ens1.device</programlisting>
         and the subdirectory is symlinked into the host at the same
         location. <literal>try-host</literal> and
         <literal>try-guest</literal> do the same but do not fail if
-        the host does not have persistent journaling enabled. If
+        the host does not have persistent journaling enabled, or if
+        the container is in the <option>--ephemeral</option> mode. If
         <literal>auto</literal> (the default), and the right
         subdirectory of <filename>/var/log/journal</filename> exists,
         it will be bind mounted into the container. If the

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 40127a88a61a2e633d32910b4aa0502e3b948e03..c0ec076b2463c1f425af431fe7d0213324062991 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1728,8 +1728,10 @@ static int verify_arguments(void) {
         if (arg_ephemeral && arg_template)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "--ephemeral and --template= may not be combined.");
 
-        if (arg_ephemeral && !IN_SET(arg_link_journal, LINK_NO, LINK_AUTO))
-                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "--ephemeral and --link-journal= may not be combined.");
+        /* Permit --ephemeral with --link-journal=try-* to satisfy principle of the least astonishment
+         * (by common sense, "try" means "do not fail if not possible") */
+        if (arg_ephemeral && !IN_SET(arg_link_journal, LINK_NO, LINK_AUTO) && !arg_link_journal_try)
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "--ephemeral and --link-journal={host,guest} may not be combined.");
 
         if (arg_userns_mode != USER_NAMESPACE_NO && !userns_supported())
                 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "--private-users= is not supported, kernel compiled without user namespace support.");