execute: for processes where creds logic is turned off, don't pass creds path to namespace logic

Otherwise, the namespace logic will try to mount a dir that doesn't actually exist. Fixes: #18116
author: Lennart Poettering <lennart@poettering.net> 2021-01-19 17:31:21 +0100
committer: Lennart Poettering <lennart@poettering.net> 2021-01-19 20:03:42 +0100
commit: a631cbfae3fab810db01238867ae93191dbfbeed (patch)
tree: 98a5f44739d654e90d25a8fdec94c6b31c059d67
parent: f6c9a7ab9386081200a41e13571ee907f6669f58 (diff)
download: systemd-a631cbfae3fab810db01238867ae93191dbfbeed.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index 14bebf4b3f..38235ec77e 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3183,7 +3183,9 @@ static int apply_mount_namespace(
         if (context->mount_flags == MS_SHARED)
                 log_unit_debug(u, "shared mount propagation hidden by other fs namespacing unit settings: ignoring");
 
-        if (exec_context_has_credentials(context) && params->prefix[EXEC_DIRECTORY_RUNTIME]) {
+        if (exec_context_has_credentials(context) &&
+            params->prefix[EXEC_DIRECTORY_RUNTIME] &&
+            FLAGS_SET(params->flags, EXEC_WRITE_CREDENTIALS)) {
                 creds_path = path_join(params->prefix[EXEC_DIRECTORY_RUNTIME], "credentials", u->id);
                 if (!creds_path) {
                         r = -ENOMEM;
author	Lennart Poettering <lennart@poettering.net>	2021-01-19 17:31:21 +0100
committer	Lennart Poettering <lennart@poettering.net>	2021-01-19 20:03:42 +0100
commit	a631cbfae3fab810db01238867ae93191dbfbeed (patch)
tree	98a5f44739d654e90d25a8fdec94c6b31c059d67
parent	f6c9a7ab9386081200a41e13571ee907f6669f58 (diff)
download	systemd-a631cbfae3fab810db01238867ae93191dbfbeed.tar.gz