From 0015ebf3fa524d414a947bdf0814782a8ee00799 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Fri, 17 Oct 2014 11:51:46 +0200
Subject: [PATCH 1/1] execute: don't fail child when we don't have privileges
 to setup namespaces

If we don't have privileges to setup the namespaces then we are most likely
running inside some sort of unprivileged container, hence not being able to
create namespace is not a problem because spawned service can't access host
system anyway.
---
 src/core/execute.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/core/execute.c b/src/core/execute.c
index b165b33af..43f2764a4 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1545,7 +1545,10 @@ static int exec_child(ExecCommand *command,
                                 context->protect_home,
                                 context->protect_system,
                                 context->mount_flags);
-                if (err < 0) {
+
+                if (err == -EPERM)
+                        log_error_unit(params->unit_id, "Failed to setup namespace, ignoring: %s", strerror(-err));
+                else if (err < 0) {
                         *error = EXIT_NAMESPACE;
                         return err;
                 }
-- 
2.30.2