From 39706728e191a588bbf79ff388e8876ef38d0856 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 15 Jan 2025 23:18:39 +0100
Subject: [PATCH] namespace-util: don't reset UID/GIDs in namespace_enter() unless we enter a userns
The reset of UID/GID only really makes sense if we enter a userns, hence let#s restrict it to that.
---
 src/basic/namespace-util.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c
index 060c540f8af..36ebda9ba47 100644
--- src/basic/namespace-util.c
+++ src/basic/namespace-util.c
@@ -247,7 +247,10 @@ int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int userns_fd, int
 return -errno;
 }
- return reset_uid_gid();
+ if (userns_fd >= 0)
+ return reset_uid_gid();
+
+ return 0;
 }
 int fd_is_namespace(int fd, NamespaceType type) {
@@ -768,4 +771,3 @@ int netns_acquire(void) {
 return pidref_namespace_open_by_type(&pid, NAMESPACE_NET);
 }
-
--
2.47.3
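Review bot: The new `if (userns_fd >= 0)` guard at the end of namespace_enter() changes the function's contract without documenting it in the code: a caller that passes a negative userns_fd now returns 0 with whatever UID/GID it entered with, where reset_uid_gid() previously ran on every successful path. Any call site that depended on that reset as a side effect would now keep its original credentials after joining the other namespaces; the callers are not visible in this patch, so each one that passes userns_fd < 0 should be checked. I would add a comment directly above the guard, for example `/* Credentials are only reset when a userns was joined; otherwise the caller's UID/GID are left untouched. */`, and mention the same in the function's header comment if it has one. The body of namespace_enter() starts outside the hunk, so the earlier setns handling was not reviewed.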