pid1: do not fail if we get EPERM while setting up network name

In a user namespace container: Feb 28 12:45:53 0b2420135953 systemd[1]: Starting Home Manager... Feb 28 12:45:53 0b2420135953 systemd[21]: systemd-homed.service: Failed to set up network namespacing: Operation not permitted Feb 28 12:45:53 0b2420135953 systemd[21]: systemd-homed.service: Failed at step NETWORK spawning /usr/lib/systemd/systemd-homed: Operation not permitted Feb 28 12:45:53 0b2420135953 systemd[1]: systemd-homed.service: Main process exited, code=exited, status=225/NETWORK Feb 28 12:45:53 0b2420135953 systemd[1]: systemd-homed.service: Failed with result 'exit-code'. Feb 28 12:45:53 0b2420135953 systemd[1]: Failed to start Home Manager. We should treat this similarly to the case where network namespace are not supported at all. https://bugzilla.redhat.com/show_bug.cgi?id=1807465
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2020-02-28 14:49:17 +0100
committer: Yu Watanabe <watanabe.yu+github@gmail.com> 2020-02-29 19:33:19 +0900
commit: ee00d1e95e84cec29a68c27af324f3baac91a4a4 (patch)
tree: 931b61a126ff73f79687b922d93f50a7ee56ffa0
parent: ecf63c91025b1692d48886b57dae3896ab12c54c (diff)
download: systemd-ee00d1e95e84cec29a68c27af324f3baac91a4a4.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index b05471223b..3911363c54 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3511,13 +3511,17 @@ static int exec_child(
 
                 if (ns_type_supported(NAMESPACE_NET)) {
                         r = setup_netns(runtime->netns_storage_socket);
-                        if (r < 0) {
+                        if (r == -EPERM)
+                                log_unit_warning_errno(unit, r,
+                                                       "PrivateNetwork=yes is configured, but network namespace setup failed, ignoring: %m");
+                        else if (r < 0) {
                                 *exit_status = EXIT_NETWORK;
                                 return log_unit_error_errno(unit, r, "Failed to set up network namespacing: %m");
                         }
                 } else if (context->network_namespace_path) {
                         *exit_status = EXIT_NETWORK;
-                        return log_unit_error_errno(unit, SYNTHETIC_ERRNO(EOPNOTSUPP), "NetworkNamespacePath= is not supported, refusing.");
+                        return log_unit_error_errno(unit, SYNTHETIC_ERRNO(EOPNOTSUPP),
+                                                    "NetworkNamespacePath= is not supported, refusing.");
                 } else
                         log_unit_warning(unit, "PrivateNetwork=yes is configured, but the kernel does not support network namespaces, ignoring.");
         }
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2020-02-28 14:49:17 +0100
committer	Yu Watanabe <watanabe.yu+github@gmail.com>	2020-02-29 19:33:19 +0900
commit	ee00d1e95e84cec29a68c27af324f3baac91a4a4 (patch)
tree	931b61a126ff73f79687b922d93f50a7ee56ffa0
parent	ecf63c91025b1692d48886b57dae3896ab12c54c (diff)
download	systemd-ee00d1e95e84cec29a68c27af324f3baac91a4a4.tar.gz