]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: e271497 211c3c9)
namespace-util: Merge namespace_enter_delegated() into namespace_enter() (#40669)
authorDaan De Meyer <daan@amutable.com>
Mon, 16 Feb 2026 10:26:41 +0000 (11:26 +0100)
committerGitHub <noreply@github.com>
Mon, 16 Feb 2026 10:26:41 +0000 (11:26 +0100)
There's no need to pass in a boolean to decide whether we use
namespace_enter_delegated() or not. Instead, we can just check if we
have CAP_SYS_ADMIN in our own user namespace. If we don't, then we have
to insist on a child user namespace being passed in and we have to enter
it first to get CAP_SYS_ADMIN as without CAP_SYS_ADMIN we wouldn't be
able
to call setns() in the first place. If we do have CAP_SYS_ADMIN, we can
always enter the other namespaces first before entering the user
namespace.

Additionally, we don't fail anymore if we can't reset the UID/GID since
a
root user might not always be available in every user namespace we might
enter.

1  2 
src/basic/process-util.c patch | diff1 | diff2 | blob | history
src/basic/process-util.h patch | diff1 | diff2 | blob | history

diff --cc src/basic/process-util.c
Simple merge
diff --cc src/basic/process-util.h
Simple merge
Unnamed repository; edit this file 'description' to name the repository.