]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 299b6c3)
namespace-util: make idmapping not supported if syscalls return EPERM
authorAndres Beltran <abeltran@microsoft.com>
Tue, 5 Nov 2024 19:52:35 +0000 (19:52 +0000)
committerLennart Poettering <lennart@poettering.net>
Wed, 6 Nov 2024 08:27:33 +0000 (09:27 +0100)
src/basic/namespace-util.c patch | blob | blame | history

diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c
index 16053ff2a98045a63bb3ffff58148d75e377beb9..a80ed32791a4f6d4dc875587eae415132c588b0e 100644 (file)
--- a/src/basic/namespace-util.c
+++ b/src/basic/namespace-util.c
@@ -527,19 +527,19 @@ int is_idmapping_supported(const char *path) {
                 return r;
 
         userns_fd = userns_acquire(uid_map, gid_map);
-        if (ERRNO_IS_NEG_NOT_SUPPORTED(userns_fd))
+        if (ERRNO_IS_NEG_NOT_SUPPORTED(userns_fd) || ERRNO_IS_NEG_PRIVILEGE(userns_fd))
                 return false;
         if (userns_fd < 0)
                 return log_debug_errno(userns_fd, "ID-mapping supported namespace acquire failed for '%s' : %m", path);
 
         dir_fd = RET_NERRNO(open(path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
-        if (ERRNO_IS_NEG_NOT_SUPPORTED(dir_fd) || dir_fd == -EINVAL)
+        if (ERRNO_IS_NEG_NOT_SUPPORTED(dir_fd))
                 return false;
         if (dir_fd < 0)
                 return log_debug_errno(dir_fd, "ID-mapping supported open failed for '%s' : %m", path);
 
         mount_fd = RET_NERRNO(open_tree(dir_fd, "", AT_EMPTY_PATH | OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC));
-        if (ERRNO_IS_NEG_NOT_SUPPORTED(mount_fd) || mount_fd == -EINVAL)
+        if (ERRNO_IS_NEG_NOT_SUPPORTED(mount_fd) || ERRNO_IS_NEG_PRIVILEGE(mount_fd) || mount_fd == -EINVAL)
                 return false;
         if (mount_fd < 0)
                 return log_debug_errno(mount_fd, "ID-mapping supported open_tree failed for '%s' : %m", path);
@@ -549,7 +549,7 @@ int is_idmapping_supported(const char *path) {
                                 .attr_set = MOUNT_ATTR_IDMAP | MOUNT_ATTR_NOSUID | MOUNT_ATTR_NOEXEC | MOUNT_ATTR_RDONLY | MOUNT_ATTR_NODEV,
                                 .userns_fd = userns_fd,
                         }, sizeof(struct mount_attr)));
-        if (ERRNO_IS_NEG_NOT_SUPPORTED(r) || r == -EINVAL || r == -EPERM)
+        if (ERRNO_IS_NEG_NOT_SUPPORTED(r) || ERRNO_IS_NEG_PRIVILEGE(r) || r == -EINVAL)
                 return false;
         if (r < 0)
                 return log_debug_errno(r, "ID-mapping supported setattr failed for '%s' : %m", path);
Unnamed repository; edit this file 'description' to name the repository.