From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 19 Jan 2021 16:31:21 +0000 (+0100)
Subject: execute: for processes where creds logic is turned off, don't pass creds path to... 
X-Git-Tag: v248-rc1~295
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a631cbfae3fab810db01238867ae93191dbfbeed;p=thirdparty%2Fsystemd.git

execute: for processes where creds logic is turned off, don't pass creds path to namespace logic

Otherwise, the namespace logic will try to mount a dir that doesn't
actually exist.

Fixes: #18116
---

diff --git a/src/core/execute.c b/src/core/execute.c
index 14bebf4b3f4..38235ec77ed 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3183,7 +3183,9 @@ static int apply_mount_namespace(
         if (context->mount_flags == MS_SHARED)
                 log_unit_debug(u, "shared mount propagation hidden by other fs namespacing unit settings: ignoring");
 
-        if (exec_context_has_credentials(context) && params->prefix[EXEC_DIRECTORY_RUNTIME]) {
+        if (exec_context_has_credentials(context) &&
+            params->prefix[EXEC_DIRECTORY_RUNTIME] &&
+            FLAGS_SET(params->flags, EXEC_WRITE_CREDENTIALS)) {
                 creds_path = path_join(params->prefix[EXEC_DIRECTORY_RUNTIME], "credentials", u->id);
                 if (!creds_path) {
                         r = -ENOMEM;