nspawn: don't run nspawn --port=... without libiptc support

We get
$ systemd-nspawn --image /dev/loop1 --port 8080:80 -n -b 3
--port= is not supported, compiled without libiptc support.

instead of a ping-nc-iptables debugging session

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index be07625a03c48d991c303d0b768e4ebcc18d4f7a..eb89916b7e1ea728fdd9d2d097088dbfea88c951 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -977,6 +977,13 @@ static int verify_arguments(void) {
                 return -EINVAL;
         }
 
+#ifndef HAVE_LIBIPTC
+        if (arg_expose_ports) {
+                log_error("--port= is not supported, compiled without libiptc support.");
+                return -EOPNOTSUPP;
+        }
+#endif
+
         if (arg_start_mode == START_BOOT && arg_kill_signal <= 0)
                 arg_kill_signal = SIGRTMIN+3;