chiark / gitweb /
execute: don't fail child when we don't have privileges to setup namespaces
authorMichal Sekletar <msekleta@redhat.com>
Fri, 17 Oct 2014 09:51:46 +0000 (11:51 +0200)
committerMichal Sekletar <msekleta@redhat.com>
Fri, 17 Oct 2014 09:51:46 +0000 (11:51 +0200)
If we don't have privileges to setup the namespaces then we are most likely
running inside some sort of unprivileged container, hence not being able to
create namespace is not a problem because spawned service can't access host
system anyway.

src/core/execute.c

index b165b33..43f2764 100644 (file)
@@ -1545,7 +1545,10 @@ static int exec_child(ExecCommand *command,
                                 context->protect_home,
                                 context->protect_system,
                                 context->mount_flags);
-                if (err < 0) {
+
+                if (err == -EPERM)
+                        log_error_unit(params->unit_id, "Failed to setup namespace, ignoring: %s", strerror(-err));
+                else if (err < 0) {
                         *error = EXIT_NAMESPACE;
                         return err;
                 }