From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 1 Aug 2024 14:35:36 +0000 (+0200)
Subject: Only use unshare to become root if we're actually going to use a scope
X-Git-Tag: v25~374^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c1b3d99fe87fa77bbcbe97cc4b1534f3cf2fe35;p=thirdparty%2Fmkosi.git

Only use unshare to become root if we're actually going to use a scope

If the relevant environment variables are not set, scope_cmd() will
return an empty list and we won't use a scope after all. In that case
we don't need to use unshare either to become root and can rely on our
own become_root() function so check whether we're actually going to use
a scope or not.
---

diff --git a/mkosi/qemu.py b/mkosi/qemu.py
index bd1ddcf3f..058cbc1d8 100644
--- a/mkosi/qemu.py
+++ b/mkosi/qemu.py
@@ -351,8 +351,9 @@ def start_virtiofsd(config: Config, directory: PathString, *, name: str, selinux
             gid = INVOKING_USER.gid if os.getgid() != INVOKING_USER.gid else None
             scope = scope_cmd(name=name, description=description, user=uid, group=gid)
         elif not uidmap and (os.getuid() == 0 or unshare_version() >= "2.38"):
-            runas = become_root_cmd()
             scope = scope_cmd(name=name, description=description)
+            if scope:
+                runas = become_root_cmd()
 
         with spawn(
             cmdline,