execute: downgrade namespace error to "warning"

[elogind.git] / src / core / execute.c

diff --git a/src/core/execute.c b/src/core/execute.c
index 8b9bb27137c24b3cefbbbb4deca9bcae122deff6..4b0767aed3151946f63653bc973503fe744e0d75 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1545,7 +1545,10 @@ static int exec_child(ExecCommand *command,
                                 context->protect_home,
                                 context->protect_system,
                                 context->mount_flags);
-                if (err < 0) {
+
+                if (err == -EPERM)
+                        log_warning_unit(params->unit_id, "Failed to set up file system namespace due to lack of privileges. Execution sandbox will not be in effect: %s", strerror(-err));
+                else if (err < 0) {
                         *error = EXIT_NAMESPACE;
                         return err;
                 }
@@ -1698,7 +1701,7 @@ static int exec_child(ExecCommand *command,
                         err = aa_change_onexec(context->apparmor_profile);
                         if (err < 0 && !context->apparmor_profile_ignore) {
                                 *error = EXIT_APPARMOR_PROFILE;
-                                return err;
+                                return -errno;
                         }
                 }
 #endif