process-util: teach namespace_fork() to optionally use namespace_enter_delegated()

author Mike Yuan <me@yhndnzj.com>

Mon, 15 Dec 2025 18:46:59 +0000 (19:46 +0100)

committer Mike Yuan <me@yhndnzj.com>

Tue, 10 Feb 2026 20:54:12 +0000 (21:54 +0100)
author Mike Yuan <me@yhndnzj.com>
Mon, 15 Dec 2025 18:46:59 +0000 (19:46 +0100)
committer Mike Yuan <me@yhndnzj.com>
Tue, 10 Feb 2026 20:54:12 +0000 (21:54 +0100)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c

index 9c44193b67cd43c81f33f88e02b19bd50facf772..52af6a01c8a7677b32a97feebfcc76888d7c08e3 100644 (file)
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -1778,6 +1778,7 @@ int namespace_fork_full(
                  int netns_fd,
                  int userns_fd,
                  int root_fd,
+                bool delegated,
                  PidRef *ret) {
  
          _cleanup_(pidref_done_sigkill_wait) PidRef pidref_outer = PIDREF_NULL;
@@ -1823,7 +1824,10 @@ int namespace_fork_full(
  
                  errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
  
-                r = namespace_enter(pidns_fd, mntns_fd, netns_fd, userns_fd, root_fd);
+                if (delegated)
+                        r = namespace_enter_delegated(userns_fd, pidns_fd, mntns_fd, netns_fd, root_fd);
+                else
+                        r = namespace_enter(pidns_fd, mntns_fd, netns_fd, userns_fd, root_fd);
                  if (r < 0) {
                          log_full_errno(prio, r, "Failed to join namespace: %m");
                          report_errno_and_exit(errno_pipe_fd[1], r);
diff --git a/src/basic/process-util.h b/src/basic/process-util.h

index 46a5612048f908bf8c39c0d41abfc0326250ae31..66bb194bac0bca4b12b617bcd4523e12f81398fa 100644 (file)
--- a/src/basic/process-util.h
+++ b/src/basic/process-util.h
@@ -201,6 +201,7 @@ int namespace_fork_full(
                  int netns_fd,
                  int userns_fd,
                  int root_fd,
+                bool delegated,
                  PidRef *ret);
  
  static inline int namespace_fork(
@@ -215,7 +216,7 @@ static inline int namespace_fork(
                  PidRef *ret) {
  
          return namespace_fork_full(outer_name, inner_name, NULL, 0, flags,
-                                   pidns_fd, mntns_fd, netns_fd, userns_fd, root_fd,
+                                   pidns_fd, mntns_fd, netns_fd, userns_fd, root_fd, false,
                                     ret);
  }
author	Mike Yuan <me@yhndnzj.com>
	Mon, 15 Dec 2025 18:46:59 +0000 (19:46 +0100)
committer	Mike Yuan <me@yhndnzj.com>
	Tue, 10 Feb 2026 20:54:12 +0000 (21:54 +0100)
src/basic/process-util.c		patch \| blob \| blame \| history
src/basic/process-util.h		patch \| blob \| blame \| history