mirror of
https://github.com/systemd/systemd.git
synced 2025-03-13 00:58:27 +03:00
So far, we supported two modes:

1. when running unpriv we'd get the mounts from mountfsd, and the userns from nsresourced

2. when running priv we'd do the mounts/userns ourselves

This untangles this a bit, so that we can also use mountfsd/nsresourced when running privileged. I think this is generally a bit nicer, and probably something we should switch to entirely one day, as it reduces the variety of codepaths.

With this patch the default behaviour remains unchanged, but by selecting the new "managed" option for --private-users= the codepaths via mountfsd/nsresourced can be explicitly requested even when running with privs.

This is mostly just reworks that we check for arg_userns_mode != USER_NAMESPACE_MANAGED rather than arg_privileged for a number of codepaths, but requires more fixes, too. The devil is in the details.