From: Dmitry V. Levin <ldv@strace.io>
Date: Fri, 14 Jul 2023 08:00:00 +0000 (+0000)
Subject: nspawn: cleanup use of ERRNO_IS_NOT_SUPPORTED()
X-Git-Tag: v255-rc1~886^2~8
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=92a702b114fd40d4fbbfbb546251ce1f7886f08e;p=thirdparty%2Fsystemd.git

nspawn: cleanup use of ERRNO_IS_NOT_SUPPORTED()

Given that ERRNO_IS_NOT_SUPPORTED() also matches positive values,
make sure this macro is not called with arguments that do not have
errno semantics.

In this case the argument passed to ERRNO_IS_NOT_SUPPORTED() is the
value returned by remount_idmap() which is not expected to return
any positive values, but let's be consistent anyway and move the
ERRNO_IS_NOT_SUPPORTED() invocation to the branch where
the return value is known to be negative.
---

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index e170958fc5c..d5b04865436 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3825,19 +3825,20 @@ static int outer_child(
             arg_uid_shift != 0) {
 
                 r = remount_idmap(directory, arg_uid_shift, arg_uid_range, UID_INVALID, REMOUNT_IDMAPPING_HOST_ROOT);
-                if (r == -EINVAL || ERRNO_IS_NOT_SUPPORTED(r)) {
-                        /* This might fail because the kernel or file system doesn't support idmapping. We
-                         * can't really distinguish this nicely, nor do we have any guarantees about the
-                         * error codes we see, could be EOPNOTSUPP or EINVAL. */
-                        if (arg_userns_ownership != USER_NAMESPACE_OWNERSHIP_AUTO)
-                                return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                                       "ID mapped mounts are apparently not available, sorry.");
-
-                        log_debug("ID mapped mounts are apparently not available on this kernel or for the selected file system, reverting to recursive chown()ing.");
-                        arg_userns_ownership = USER_NAMESPACE_OWNERSHIP_CHOWN;
-                } else if (r < 0)
-                        return log_error_errno(r, "Failed to set up ID mapped mounts: %m");
-                else {
+                if (r < 0) {
+                        if (r == -EINVAL || ERRNO_IS_NOT_SUPPORTED(r)) {
+                                /* This might fail because the kernel or file system doesn't support idmapping. We
+                                 * can't really distinguish this nicely, nor do we have any guarantees about the
+                                 * error codes we see, could be EOPNOTSUPP or EINVAL. */
+                                if (arg_userns_ownership != USER_NAMESPACE_OWNERSHIP_AUTO)
+                                        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+                                                               "ID mapped mounts are apparently not available, sorry.");
+
+                                log_debug("ID mapped mounts are apparently not available on this kernel or for the selected file system, reverting to recursive chown()ing.");
+                                arg_userns_ownership = USER_NAMESPACE_OWNERSHIP_CHOWN;
+                        } else
+                                return log_error_errno(r, "Failed to set up ID mapped mounts: %m");
+                } else {
                         log_debug("ID mapped mounts available, making use of them.");
                         idmap = true;
                 }