mirror of https://github.com/systemd/systemd.git synced 2025-03-03 16:58:37 +03:00

nspawn: trivial tweaklets (#35831)

Daan De Meyer 2025-01-03 15:54:43 +01:00 committed by GitHub
commit b6507d81ce
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1763,7 +1763,7 @@ static int verify_arguments(void) {
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid namespacing settings. Mounting sysfs with --private-users requires --private-network.");
if (arg_userns_mode != USER_NAMESPACE_NO && !(arg_mount_settings & MOUNT_APPLY_APIVFS_RO))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot combine --private-users with read-write mounts.");
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot combine --private-users with read-write API VFS mounts.");
if (arg_expose_ports && !arg_private_network)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot use --port= without private networking.");
@ -2579,10 +2579,9 @@ static int setup_credentials(const char *root) {
if (fchmod(fd, world_readable ? 0444 : 0400) < 0)
return log_error_errno(errno, "Failed to adjust access mode of %s: %m", j);
if (arg_userns_mode != USER_NAMESPACE_NO) {
if (arg_userns_mode != USER_NAMESPACE_NO)
if (fchown(fd, arg_uid_shift, arg_uid_shift) < 0)
return log_error_errno(errno, "Failed to adjust ownership of %s: %m", j);
}
}
if (chmod(q, world_readable ? 0555 : 0500) < 0)
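Review bot: Dropping the braces around the `arg_userns_mode != USER_NAMESPACE_NO` check in setup_credentials leaves a multi-line nested `if` as an unbraced body, so a statement or `else` added later can silently land outside the guard. The same pattern recurs in the inner_child hunk (`if (arg_privileged)` around `unshare(CLONE_NEWNET)`) and, most visibly, in load_settings, where the unbraced body is a whole `FOREACH_STRING(...) { ... }` loop whose closing brace only appears in the following hunk. These guards decide credential file ownership, network namespace setup and whether the admin directories in /etc and /run are consulted, so I would either keep the braces or, in load_settings, add a comment such as `/* the loop below is the entire body of this if */`. The load_settings form also relies on FOREACH_STRING expanding to exactly one statement, which is not visible on this page. The enclosing functions start and end outside these hunks.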
@ -3448,10 +3447,9 @@ static int inner_child(
if (!arg_network_namespace_path && arg_private_network) {
_cleanup_close_ int netns_fd = -EBADF;
if (arg_privileged) {
if (arg_privileged)
if (unshare(CLONE_NEWNET) < 0)
return log_error_errno(errno, "Failed to unshare network namespace: %m");
}
netns_fd = namespace_open_by_type(NAMESPACE_NET);
if (netns_fd < 0)
@ -3710,7 +3708,7 @@ static int inner_child(
return log_error_errno(errno, "Failed to acquire controlling TTY: %m");
}
log_debug("Inner child completed, invoking payload.");
log_debug("Inner child finished, invoking payload.");
/* Now, explicitly close the log, so that we then can close all remaining fds. Closing the log explicitly first
* has the benefit that the logging subsystem knows about it, and is thus ready to be reopened should we need
@ -5088,7 +5086,7 @@ static int load_settings(void) {
return 0;
/* We first look in the admin's directories in /etc and /run */
if (arg_privileged) {
if (arg_privileged)
FOREACH_STRING(i, "/etc/systemd/nspawn", "/run/systemd/nspawn") {
_cleanup_free_ char *j = NULL;
@ -5110,7 +5108,6 @@ static int load_settings(void) {
if (errno != ENOENT)
return log_error_errno(errno, "Failed to open %s: %m", j);
}
}
if (!f) {
/* After that, let's look for a file next to the