nspawn-mount: Use setns() in wipe_fully_visible_api_fs()

author Daan De Meyer <daan@amutable.com>

Mon, 16 Feb 2026 18:59:10 +0000 (19:59 +0100)

committer Mike Yuan <me@yhndnzj.com>

Tue, 17 Feb 2026 03:55:24 +0000 (04:55 +0100)
author Daan De Meyer <daan@amutable.com>
Mon, 16 Feb 2026 18:59:10 +0000 (19:59 +0100)
committer Mike Yuan <me@yhndnzj.com>
Tue, 17 Feb 2026 03:55:24 +0000 (04:55 +0100)
diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c

index a996b28fce00925961260e60c8cb0d92208626c6..cfb4aac6ff35ba0bd8e5dfdbfcd79f5c3368df09 100644 (file)
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -1,6 +1,7 @@
  /* SPDX-License-Identifier: LGPL-2.1-or-later */
  
  #include <linux/magic.h>
+#include <sched.h>
  #include <sys/mount.h>
  #include <unistd.h>
  
@@ -1491,7 +1492,7 @@ static int do_wipe_fully_visible_api_fs(void) {
  
  int wipe_fully_visible_api_fs(int mntns_fd) {
          _cleanup_close_ int orig_mntns_fd = -EBADF;
-        int r, rr;
+        int r;
  
          log_debug("Wiping fully visible API FS");
  
@@ -1499,23 +1500,13 @@ int wipe_fully_visible_api_fs(int mntns_fd) {
          if (orig_mntns_fd < 0)
                  return log_error_errno(orig_mntns_fd, "Failed to pin originating mount namespace: %m");
  
-        r = namespace_enter(/* pidns_fd= */ -EBADF,
-                            mntns_fd,
-                            /* netns_fd= */ -EBADF,
-                            /* userns_fd= */ -EBADF,
-                            /* root_fd= */ -EBADF);
-        if (r < 0)
-                return log_error_errno(r, "Failed to enter mount namespace: %m");
+        if (setns(mntns_fd, CLONE_NEWNS) < 0)
+                return log_error_errno(errno, "Failed to enter mount namespace: %m");
  
-        rr = do_wipe_fully_visible_api_fs();
+        r = do_wipe_fully_visible_api_fs();
  
-        r = namespace_enter(/* pidns_fd= */ -EBADF,
-                            orig_mntns_fd,
-                            /* netns_fd= */ -EBADF,
-                            /* userns_fd= */ -EBADF,
-                            /* root_fd= */ -EBADF);
-        if (r < 0)
-                return log_error_errno(r, "Failed to enter original mount namespace: %m");
+        if (setns(orig_mntns_fd, CLONE_NEWNS) < 0)
+                return log_error_errno(errno, "Failed to enter original mount namespace: %m");
  
-        return rr;
+        return r;
  }
author	Daan De Meyer <daan@amutable.com>
	Mon, 16 Feb 2026 18:59:10 +0000 (19:59 +0100)
committer	Mike Yuan <me@yhndnzj.com>
	Tue, 17 Feb 2026 03:55:24 +0000 (04:55 +0100)