From edd3f4d9b7a63dc9a142ef20119e80d1d9527f2f Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Mon, 7 Oct 2024 13:40:55 +0900
Subject: [PATCH] core: drop implicit support of PrivateUsers=off

Follow-up for fa693fdc7e17618958c505af4b2f39ecd1c3363e.

The documentation says the option takes a boolean or one of the "self" and "identity". But the parser uses private_users_from_string() which also accepts "off". Let's drop the implicit support of "off".
---
 man/systemd.exec.xml | 2 +-
 src/core/dbus-execute.c | 4 ++--
 src/core/exec-invoke.c | 8 ++++----
 src/core/namespace.c | 2 +-
 src/core/namespace.h | 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index c8ca543b457..6764f89b020 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1967,7 +1967,7 @@ BindReadOnlyPaths=/var/lib/systemd
 PrivateUsers= Takes a boolean argument or one of self or
- identity. Defaults to off. If enabled, sets up a new user namespace for the
+ identity. Defaults to false. If enabled, sets up a new user namespace for the
 executed processes and configures a user and group mapping. If set to a true value or self, a minimal user and group mapping is configured that maps the root user and group as well as the unit's own user and group to themselves and
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index d42d785f194..08c1acf397d 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1038,7 +1038,7 @@ static int property_get_private_users(
 sd_bus_error *error) {
 PrivateUsers *p = ASSERT_PTR(userdata);
- int b = *p != PRIVATE_USERS_OFF;
+ int b = *p != PRIVATE_USERS_NO;
 return sd_bus_message_append_basic(reply, 'b', &b);
 }
@@ -1882,7 +1882,7 @@ int bus_exec_context_set_transient_property(
 return r;
 if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
- c->private_users = v ? PRIVATE_USERS_SELF : PRIVATE_USERS_OFF;
+ c->private_users = v ? PRIVATE_USERS_SELF : PRIVATE_USERS_NO;
 (void) unit_write_settingf(u, flags, name, "%s=%s", name, yes_no(v));
 }
diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index 2bd43a95ddb..499ac4d4c66 100644
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -2096,7 +2096,7 @@ static int setup_private_users(PrivateUsers private_users, uid_t ouid, gid_t ogi
 * For unprivileged users (i.e. without capabilities), the root to root mapping is excluded. As such, it
 * does not need CAP_SETUID to write the single line mapping to itself. */
- if (private_users == PRIVATE_USERS_OFF)
+ if (private_users == PRIVATE_USERS_NO)
 return 0;
 if (private_users == PRIVATE_USERS_IDENTITY) {
@@ -3851,7 +3851,7 @@ static bool exec_context_need_unprivileged_private_users(
 if (params->runtime_scope != RUNTIME_SCOPE_USER)
 return false;
- return context->private_users != PRIVATE_USERS_OFF ||
+ return context->private_users != PRIVATE_USERS_NO ||
 context->private_tmp != PRIVATE_TMP_OFF ||
 context->private_devices ||
 context->private_network ||
@@ -4762,13 +4762,13 @@ int exec_invoke(
 * Users with CAP_SYS_ADMIN can set up user namespaces last because they will be able to
 * set up all of the other namespaces (i.e. network, mount, UTS) without a user namespace. */
 PrivateUsers pu = context->private_users;
- if (pu == PRIVATE_USERS_OFF)
+ if (pu == PRIVATE_USERS_NO)
 pu = PRIVATE_USERS_SELF;
 r = setup_private_users(pu, saved_uid, saved_gid, uid, gid);
 /* If it was requested explicitly and we can't set it up, fail early. Otherwise, continue and let
 * the actual requested operations fail (or silently continue). */
- if (r < 0 && context->private_users != PRIVATE_USERS_OFF) {
+ if (r < 0 && context->private_users != PRIVATE_USERS_NO) {
 *exit_status = EXIT_USER;
 return log_exec_error_errno(context, params, r, "Failed to set up user namespacing for unprivileged user: %m");
 }
diff --git a/src/core/namespace.c b/src/core/namespace.c
index b7fe4ffbcce..6909fb4a06b 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -3229,7 +3229,7 @@ static const char* const private_tmp_table[_PRIVATE_TMP_MAX] = {
 DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(private_tmp, PrivateTmp, PRIVATE_TMP_CONNECTED);
 static const char* const private_users_table[_PRIVATE_USERS_MAX] = {
- [PRIVATE_USERS_OFF] = "off",
+ [PRIVATE_USERS_NO] = "no",
 [PRIVATE_USERS_SELF] = "self",
 [PRIVATE_USERS_IDENTITY] = "identity",
 };
diff --git a/src/core/namespace.h b/src/core/namespace.h
index ad62db6490a..d158b8b515a 100644
--- a/src/core/namespace.h
+++ b/src/core/namespace.h
@@ -62,7 +62,7 @@ typedef enum PrivateTmp {
 } PrivateTmp;
 typedef enum PrivateUsers {
- PRIVATE_USERS_OFF,
+ PRIVATE_USERS_NO,
 PRIVATE_USERS_SELF,
 PRIVATE_USERS_IDENTITY,
 _PRIVATE_USERS_MAX,
-- 
2.47.3
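Review bot: The `private_users_table` entry changed in the namespace.c hunk is also the string that `private_users_to_string()` emits for the disabled state, so the hunk changes output (`"off"` becomes `"no"`) as well as the table the parser reads. The lookup definition for `private_users` lies below the hunk; if it is the `DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN` form used for `private_tmp` in the context line above, `off` would presumably still be accepted as a boolean false, and the visible effect would be on the emitted string only. Consumers that compare the string form, such as tests or tooling that audits unit sandboxing, should be checked for a hard-coded `"off"`. I would add a comment above the table: `/* PRIVATE_USERS_NO is spelled as the boolean "no"; this is what private_users_to_string() emits. */`.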