import: do not create foreign ns on cleanup if not needed

The user ns is only used if the appropriate flag is set, so avoid
creating it unless it is. This avoids a spurious EPERM error in
TEST-13-NSPAWN.machined that is confusing when debugging failures

[ 34.054] systemd-importd[504]: (transfer18) Imported 92%.
[ 34.118] systemd-importd[504]: (transfer18) Failed to decode and write: Broken pipe
[ 34.119] systemd-importd[504]: (transfer18) Exiting.
[ 34.121] systemd-importd[504]: (transfer18) Failed to allocate transient user namespace: Operation not permitted
[ 34.121] systemd-importd[504]: Transfer process failed with exit code 1.

Follow-up for 1be8caa6be6f5a10a7dea5ac562a0df5c5fac2e9

diff --git a/src/import/import-common.c b/src/import/import-common.c
index 5f17084f9fd9494641275c5da06ccb0ad2a81027..840eac210f8697a27e4a1d6016f1155c8f2b6bd3 100644 (file)
--- a/src/import/import-common.c
+++ b/src/import/import-common.c
@@ -392,13 +392,14 @@ int import_remove_tree(const char *path, int *userns_fd, ImportFlags flags) {
         assert(path);
         assert(userns_fd);
 
-        r = import_make_foreign_userns(userns_fd);
-        if (r < 0)
-                return r;
-
         /* Try the userns dance first, to remove foreign UID range owned trees */
-        if (FLAGS_SET(flags, IMPORT_FOREIGN_UID))
+        if (FLAGS_SET(flags, IMPORT_FOREIGN_UID)) {
+                r = import_make_foreign_userns(userns_fd);
+                if (r < 0)
+                        return r;
+
                 (void) remove_tree_foreign(path, *userns_fd);
+        }
 
         r = rm_rf(path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME|REMOVE_MISSING_OK|REMOVE_CHMOD);
         if (r < 0)