diff options
| author | Lennart Poettering <lennart@poettering.net> | 2025-01-15 23:18:39 +0100 |
|---|---|---|
| committer | Mike Yuan <me@yhndnzj.com> | 2025-01-16 11:26:57 +0100 |
| commit | 39706728e191a588bbf79ff388e8876ef38d0856 (patch) | |
| tree | a39cc4248bdc1741fc55621c91bda22c9879a502 | |
| parent | shared/bus-util: add missing `set.h` include (diff) | |
| download | systemd-39706728e191a588bbf79ff388e8876ef38d0856.tar.xz systemd-39706728e191a588bbf79ff388e8876ef38d0856.zip | |
namespace-util: don't reset UID/GIDs in namespace_enter() unless we enter a userns
The reset of UID/GID only really makes sense if we enter a userns, hence
let#s restrict it to that.
| -rw-r--r-- | src/basic/namespace-util.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c index 060c540f8a..36ebda9ba4 100644 --- a/src/basic/namespace-util.c +++ b/src/basic/namespace-util.c @@ -247,7 +247,10 @@ int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int userns_fd, int return -errno; } - return reset_uid_gid(); + if (userns_fd >= 0) + return reset_uid_gid(); + + return 0; } int fd_is_namespace(int fd, NamespaceType type) { @@ -768,4 +771,3 @@ int netns_acquire(void) { return pidref_namespace_open_by_type(&pid, NAMESPACE_NET); } - |