diff options
Diffstat (limited to 'src/core')
| -rw-r--r-- | src/core/execute.c | 5 | ||||
| -rw-r--r-- | src/core/namespace.c | 1 |
2 files changed, 6 insertions, 0 deletions
diff --git a/src/core/execute.c b/src/core/execute.c index b803edb145..04dcf4b427 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -3423,6 +3423,11 @@ static int setup_credentials( _exit(EXIT_FAILURE); } + /* If the credentials dir is empty and not a mount point, then there's no point in having it. Let's + * try to remove it. This matters in particular if we created the dir as mount point but then didn't + * actually end up mounting anything on it. In that case we'd rather have ENOENT than EACCESS being + * seen by users when trying access this inode. */ + (void) rmdir(p); return 0; } diff --git a/src/core/namespace.c b/src/core/namespace.c index 1d19685d2e..2fcc096217 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -2385,6 +2385,7 @@ int setup_namespace( .mode = BIND_MOUNT, .read_only = true, .source_const = creds_path, + .ignore = true, }; } else { /* If our service has no credentials store configured, then make the whole |