From: DaanDeMeyer <daan.j.demeyer@gmail.com>
Date: Mon, 14 Jul 2025 06:13:45 +0000 (+0200)
Subject: nspawn: Don't clear idmapping if we're not doing an idmapped mount
X-Git-Tag: v258-rc1~67
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b955051244ce72ec5879d49e76dbf2b5ea0edeee;p=thirdparty%2Fsystemd.git

nspawn: Don't clear idmapping if we're not doing an idmapped mount

We only need to clear the existing idmapping if we're going to be
replacing it with another idmapping. Otherwise we should keep the
existing idmapping in place.
---

diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
index af794b00172..4cc638877d8 100644
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -829,7 +829,7 @@ static int mount_bind(const char *dest, CustomMount *m, uid_t uid_shift, uid_t u
                         m->source,
                         OPEN_TREE_CLONE|OPEN_TREE_CLOEXEC,
                         &(struct mount_attr) {
-                                .attr_clr = MOUNT_ATTR_IDMAP,
+                                .attr_clr = idmapping != REMOUNT_IDMAPPING_NONE ? MOUNT_ATTR_IDMAP : 0,
                         });
         if (ERRNO_IS_NEG_NOT_SUPPORTED(fd_clone))
                 /* We can only clear idmapped mounts with open_tree_attr(), but there might not be one in