From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 27 Feb 2025 08:24:04 +0000 (+0100)
Subject: exec-invoke: Simplify logic
X-Git-Tag: v258-rc1~1212^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4fea4f8295b12110d1d17f4e622535aea99dc854;p=thirdparty%2Fsystemd.git

exec-invoke: Simplify logic
---

diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index 47a4141b01e..f9c3355441f 100644
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -5215,15 +5215,17 @@ int exec_invoke(
                  * We need to check prior to entering the user namespace because if we're running unprivileged or in a
                  * system without CAP_SYS_ADMIN, then we can have CAP_SYS_ADMIN in the current user namespace but not
                  * once we unshare a mount namespace. */
-                r = has_cap_sys_admin ? 1 : can_mount_proc(context, params);
-                if (r < 0) {
-                        *exit_status = EXIT_NAMESPACE;
-                        return log_exec_error_errno(context, params, r, "Failed to detect if /proc/ can be remounted: %m");
-                }
-                if (r == 0) {
-                        *exit_status = EXIT_NAMESPACE;
-                        return log_exec_error_errno(context, params, SYNTHETIC_ERRNO(EPERM),
-                                                    "PrivatePIDs=yes is configured, but /proc/ cannot be re-mounted due to lack of privileges, refusing.");
+                if (!has_cap_sys_admin) {
+                        r = can_mount_proc(context, params);
+                        if (r < 0) {
+                                *exit_status = EXIT_NAMESPACE;
+                                return log_exec_error_errno(context, params, r, "Failed to detect if /proc/ can be remounted: %m");
+                        }
+                        if (r == 0) {
+                                *exit_status = EXIT_NAMESPACE;
+                                return log_exec_error_errno(context, params, SYNTHETIC_ERRNO(EPERM),
+                                                            "PrivatePIDs=yes is configured, but /proc/ cannot be re-mounted due to lack of privileges, refusing.");
+                        }
                 }
 
                 r = setup_private_pids(context, params);