From: DaanDeMeyer Date: Fri, 26 Dec 2025 20:51:00 +0000 (+0100) Subject: dissect: Don't use private userns for --copy-to/--copy-from X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=09e38c27096da719437092ab80569f693951283c;p=thirdparty%2Fsystemd.git dissect: Don't use private userns for --copy-to/--copy-from These actions interact with the host. The former needs privileges to write into the image, the latter needs privileges to write on the host. Neither will have the privileges required if the image is attached under a private userns, hence, don't use one. --- diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c index 94f796f675d..b6b122afb74 100644 --- a/src/dissect/dissect.c +++ b/src/dissect/dissect.c @@ -2180,8 +2180,9 @@ static int run(int argc, char *argv[]) { if (arg_loop_ref || arg_loop_ref_auto) /* yes, the 2nd check is strictly speaking redundant, given the normalization we did above, but let's be explicit here */ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "--loop-ref=/--loop-ref-auto not supported when operating via systemd-mountfsd."); - /* Don't run things in private userns, if the mount shall be attached to the host */ - if (!IN_SET(arg_action, ACTION_MOUNT, ACTION_WITH)) { + /* Don't run things in private userns, if the mount shall be attached to the host + * or if we're copying from/to the host. */ + if (!IN_SET(arg_action, ACTION_MOUNT, ACTION_WITH, ACTION_COPY_FROM, ACTION_COPY_TO)) { userns_fd = nsresource_allocate_userns(/* name= */ NULL, NSRESOURCE_UIDS_64K); /* allocate 64K users by default */ if (userns_fd < 0) return log_error_errno(userns_fd, "Failed to allocate user namespace with 64K users: %m");