From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 13 Mar 2023 14:19:56 +0000 (+0100)
Subject: namespace: use ERRNO_IS_PRIVILEGE()/ERRNO_IS_NOT_SUPPORTED() where appropriate
X-Git-Tag: v254-rc1~1041
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=eacfbd89c31742ace242177f570e9c70f915ce86;p=thirdparty%2Fsystemd.git

namespace: use ERRNO_IS_PRIVILEGE()/ERRNO_IS_NOT_SUPPORTED() where appropriate
---

diff --git a/src/core/namespace.c b/src/core/namespace.c
index b4bb01bb742..8a8ff5ac7df 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -2426,7 +2426,8 @@ int setup_namespace(
 
         if (unshare(CLONE_NEWNS) < 0) {
                 r = log_debug_errno(errno, "Failed to unshare the mount namespace: %m");
-                if (IN_SET(r, -EACCES, -EPERM, -EOPNOTSUPP, -ENOSYS))
+                if (ERRNO_IS_PRIVILEGE(r) ||
+                    ERRNO_IS_NOT_SUPPORTED(r))
                         /* If the kernel doesn't support namespaces, or when there's a MAC or seccomp filter
                          * in place that doesn't allow us to create namespaces (or a missing cap), then
                          * propagate a recognizable error back, which the caller can use to detect this case