From: Luca Boccassi Date: Wed, 13 May 2026 17:31:27 +0000 (+0100) Subject: import: do not create foreign ns on cleanup if not needed X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b05d828b5c16606d267b3a7869329bdf7c2a4c68;p=thirdparty%2Fsystemd.git import: do not create foreign ns on cleanup if not needed The user ns is only used if the appropriate flag is set, so avoid creating it unless it is. This avoids a spurious EPERM error in TEST-13-NSPAWN.machined that is confusing when debugging failures [ 34.054] systemd-importd[504]: (transfer18) Imported 92%. [ 34.118] systemd-importd[504]: (transfer18) Failed to decode and write: Broken pipe [ 34.119] systemd-importd[504]: (transfer18) Exiting. [ 34.121] systemd-importd[504]: (transfer18) Failed to allocate transient user namespace: Operation not permitted [ 34.121] systemd-importd[504]: Transfer process failed with exit code 1. Follow-up for 1be8caa6be6f5a10a7dea5ac562a0df5c5fac2e9 --- diff --git a/src/import/import-common.c b/src/import/import-common.c index 5f17084f9fd..840eac210f8 100644 --- a/src/import/import-common.c +++ b/src/import/import-common.c @@ -392,13 +392,14 @@ int import_remove_tree(const char *path, int *userns_fd, ImportFlags flags) { assert(path); assert(userns_fd); - r = import_make_foreign_userns(userns_fd); - if (r < 0) - return r; - /* Try the userns dance first, to remove foreign UID range owned trees */ - if (FLAGS_SET(flags, IMPORT_FOREIGN_UID)) + if (FLAGS_SET(flags, IMPORT_FOREIGN_UID)) { + r = import_make_foreign_userns(userns_fd); + if (r < 0) + return r; + (void) remove_tree_foreign(path, *userns_fd); + } r = rm_rf(path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME|REMOVE_MISSING_OK|REMOVE_CHMOD); if (r < 0)