mirror of
https://github.com/systemd/systemd.git
synced 2024-12-23 21:35:11 +03:00
nspawn: check if kernel supports userns as early as possible
If the kernel does not support user namespaces, one of the children created by the nspawn parent will fail at clone(CLONE_NEWUSER) with the generic error EINVAL, without logging the error. At the same time the parent may also try to set up the user namespace and fail with a different error. To improve this, check whether the kernel supports user namespaces as early as possible.
parent
265d3f718b
commit
b774fb7f00
@ -1013,6 +1013,9 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (arg_userns && access("/proc/self/uid_map", F_OK) < 0)
|
||||
return log_error_errno(EOPNOTSUPP, "--private-users= is not supported, kernel compiled without user namespace support.");
|
||||
|
||||
arg_retain = (arg_retain | plus | (arg_private_network ? 1ULL << CAP_NET_ADMIN : 0)) & ~minus;
|
||||
|
||||
if (arg_boot && arg_kill_signal <= 0)
|
||||
|
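Review bot: The added `access("/proc/self/uid_map", F_OK) < 0` check reports every failure as "kernel compiled without user namespace support", so a /proc that is unmounted or not readable in the calling environment yields a misleading EOPNOTSUPP and hides the real errno. I would treat only ENOENT as "unsupported" and pass anything else through, e.g. `if (errno != ENOENT) return log_error_errno(errno, "Failed to check /proc/self/uid_map: %m");` ahead of the existing return. The file's presence also only shows that the kernel was built with user namespaces; if namespace creation is disabled at runtime (for instance through a zero namespace limit), the silent clone(CLONE_NEWUSER) failure described in the commit message can presumably still happen, so that child path should still log its own error. parse_argv's body begins and ends outside this hunk, so where arg_userns gets set is not visible here.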