From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 22 Nov 2024 21:08:48 +0000 (+0900)
Subject: namespace-util: handle -ENOSPC by userns_acquire() gracefully in is_idmapping_supported()
X-Git-Tag: v257-rc3~46^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=eb14b993bb426b67553babb48de75bec30063a4c;p=thirdparty%2Fsystemd.git

namespace-util: handle -ENOSPC by userns_acquire() gracefully in is_idmapping_supported()

Follow-up for edae62120f13b24d51812d1d7c0ab24acb420305.
Fixes #35311.
---

diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c
index 2c61506149f..1d566f59e88 100644
--- a/src/basic/namespace-util.c
+++ b/src/basic/namespace-util.c
@@ -531,6 +531,10 @@ int is_idmapping_supported(const char *path) {
         userns_fd = userns_acquire(uid_map, gid_map);
         if (ERRNO_IS_NEG_NOT_SUPPORTED(userns_fd) || ERRNO_IS_NEG_PRIVILEGE(userns_fd))
                 return false;
+        if (userns_fd == -ENOSPC) {
+                log_debug_errno(userns_fd, "Failed to acquire new user namespace, user.max_user_namespaces seems to be exhausted or maybe even zero, assuming ID-mapping is not supported: %m");
+                return false;
+        }
         if (userns_fd < 0)
                 return log_debug_errno(userns_fd, "ID-mapping supported namespace acquire failed for '%s' : %m", path);