From f6bcd125dbf89cfb61516d29b5d45f2e3edce468 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan@amutable.com>
Date: Mon, 16 Feb 2026 22:12:34 +0100
Subject: [PATCH] nspawn: Join network namespace with setns()

We don't have /proc mounted which means namespace_enter() won't work
on older kernels, so use setns() instead.
---
 src/nspawn/nspawn.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 1c0ab6e7129..296b12bb90b 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -4368,15 +4368,8 @@ static int outer_child(
                 /* The inner child has all namespaces that are requested, so that we all are owned by the
                  * user if user namespaces are turned on. */
 
-                if (arg_network_namespace_path) {
-                        r = namespace_enter(/* pidns_fd= */ -EBADF,
-                                            /* mntns_fd= */ -EBADF,
-                                            netns_fd,
-                                            /* userns_fd= */ -EBADF,
-                                            /* root_fd= */ -EBADF);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to join network namespace: %m");
-                }
+                if (arg_network_namespace_path && setns(netns_fd, CLONE_NEWNET) < 0)
+                        return log_error_errno(errno, "Failed to join network namespace: %m");
 
                 if (arg_userns_mode == USER_NAMESPACE_MANAGED) {
                         /* In managed usernamespace operation, sysfs + procfs are special, we'll have to
-- 
2.47.3