From 6d19b71876ac9a16886bd4f8f6eefb6aa2b60473 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 20 Nov 2019 12:27:28 +0100
Subject: [PATCH] core: don't insist on ProtectHostname= if unshare() is blocked

Previously we'd only skip ProtectHostname= if kernel support for namespaces was lacking. With this change we also accept if unshare() fails because it is blocked.
---
 src/core/execute.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/core/execute.c b/src/core/execute.c
index def73977fc1..abc164ff5be 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3448,8 +3448,12 @@ static int exec_child(
 if (context->protect_hostname) {
 if (ns_type_supported(NAMESPACE_UTS)) {
 if (unshare(CLONE_NEWUTS) < 0) {
- *exit_status = EXIT_NAMESPACE;
- return log_unit_error_errno(unit, errno, "Failed to set up UTS namespacing: %m");
+ if (!ERRNO_IS_NOT_SUPPORTED(errno) && !ERRNO_IS_PRIVILEGE(errno)) {
+ *exit_status = EXIT_NAMESPACE;
+ return log_unit_error_errno(unit, errno, "Failed to set up UTS namespacing: %m");
+ }
+
+ log_unit_warning(unit, "ProtectHostname=yes is configured, but UTS namespace setup is prohibited (container manager?), ignoring namespace setup.");
 }
 } else
 log_unit_warning(unit, "ProtectHostname=yes is configured, but the kernel does not support UTS namespaces, ignoring namespace setup.");
-- 
2.47.3
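Review bot: The new fallback after `unshare(CLONE_NEWUTS)` makes a hardening option fail open, and the warning it emits drops the errno, so an operator cannot tell from the log why the service was left in the host's UTS namespace. The text says "prohibited (container manager?)" although the same branch is also taken for `ERRNO_IS_NOT_SUPPORTED`, and a privilege error may have causes other than a container manager; logging the cause would be more accurate, e.g. `log_unit_warning_errno(unit, errno, "ProtectHostname=yes is configured, but UTS namespace setup failed, ignoring namespace setup: %m");`. A short comment above the errno check stating that the downgrade is deliberate, and which errno classes trigger it, would help the next reader see that this is a security trade-off and not an oversight. exec_child() starts and continues outside this hunk, so whether any remaining hostname restriction (such as a syscall filter) still applies on this path cannot be confirmed here and is worth checking before relying on the setting in sandboxed environments.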