From: Mike Yuan Date: Mon, 15 Dec 2025 18:46:59 +0000 (+0100) Subject: process-util: teach namespace_fork() to optionally use namespace_enter_delegated() X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8f89ed439d1e5ccc0b6b4d51f347a92a1485be81;p=thirdparty%2Fsystemd.git process-util: teach namespace_fork() to optionally use namespace_enter_delegated() --- diff --git a/src/basic/process-util.c b/src/basic/process-util.c index 9c44193b67c..52af6a01c8a 100644 --- a/src/basic/process-util.c +++ b/src/basic/process-util.c @@ -1778,6 +1778,7 @@ int namespace_fork_full( int netns_fd, int userns_fd, int root_fd, + bool delegated, PidRef *ret) { _cleanup_(pidref_done_sigkill_wait) PidRef pidref_outer = PIDREF_NULL; @@ -1823,7 +1824,10 @@ int namespace_fork_full( errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]); - r = namespace_enter(pidns_fd, mntns_fd, netns_fd, userns_fd, root_fd); + if (delegated) + r = namespace_enter_delegated(userns_fd, pidns_fd, mntns_fd, netns_fd, root_fd); + else + r = namespace_enter(pidns_fd, mntns_fd, netns_fd, userns_fd, root_fd); if (r < 0) { log_full_errno(prio, r, "Failed to join namespace: %m"); report_errno_and_exit(errno_pipe_fd[1], r); diff --git a/src/basic/process-util.h b/src/basic/process-util.h index 46a5612048f..66bb194bac0 100644 --- a/src/basic/process-util.h +++ b/src/basic/process-util.h @@ -201,6 +201,7 @@ int namespace_fork_full( int netns_fd, int userns_fd, int root_fd, + bool delegated, PidRef *ret); static inline int namespace_fork( @@ -215,7 +216,7 @@ static inline int namespace_fork( PidRef *ret) { return namespace_fork_full(outer_name, inner_name, NULL, 0, flags, - pidns_fd, mntns_fd, netns_fd, userns_fd, root_fd, + pidns_fd, mntns_fd, netns_fd, userns_fd, root_fd, false, ret); }