From: Daan De Meyer
Date: Fri, 5 Sep 2025 07:08:44 +0000 (+0200)
Subject: nspawn: Drop CAP_NET_BIND_SERVICE if in userns with identity mapping (#38723)
X-Git-Tag: v258-rc4~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f743084035c637fa804b543fac21b3de17a32050;p=thirdparty%2Fsystemd.git

nspawn: Drop CAP_NET_BIND_SERVICE if in userns with identity mapping (#38723)

Even if there's no uid shift, we still won't be able to bind to
privileged ports in the host network namespace, so drop the capability
regardless of whether we have a uid shift or not.
---
f743084035c637fa804b543fac21b3de17a32050