execute: don't fail child when we don't have privileges to setup namespaces

If we don't have privileges to setup the namespaces then we are most likely
running inside some sort of unprivileged container, hence not being able to
create namespace is not a problem because spawned service can't access host
system anyway.

diff --git a/src/core/execute.c b/src/core/execute.c
index b165b33af0642430b7fe0bcfcd4ebc14334630e7..43f2764a49db32cbe6f0e504b138cbf89b2c0283 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1545,7 +1545,10 @@ static int exec_child(ExecCommand *command,
                                 context->protect_home,
                                 context->protect_system,
                                 context->mount_flags);
-                if (err < 0) {
+
+                if (err == -EPERM)
+                        log_error_unit(params->unit_id, "Failed to setup namespace, ignoring: %s", strerror(-err));
+                else if (err < 0) {
                         *error = EXIT_NAMESPACE;
                         return err;
                 }