1 files changed, 19 insertions, 18 deletions

diff --git a/src/network/networkd.c b/src/network/networkd.c
index c7ce64b90b..35f22fea80 100644
--- a/src/network/networkd.c
+++ b/src/network/networkd.c
@@ -19,9 +19,6 @@
 static int run(int argc, char *argv[]) {
         _cleanup_(notify_on_cleanup) const char *notify_message = NULL;
         _cleanup_(manager_freep) Manager *m = NULL;
-        const char *user = "systemd-network";
-        uid_t uid;
-        gid_t gid;
         int r;
 
         log_setup_service();
@@ -31,20 +28,24 @@ static int run(int argc, char *argv[]) {
         if (argc != 1)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "This program takes no arguments.");
 
-        r = get_user_creds(&user, &uid, &gid, NULL, NULL, 0);
-        if (r < 0)
-                return log_error_errno(r, "Cannot resolve user name %s: %m", user);
-
-        /* Create runtime directory. This is not necessary when networkd is
-         * started with "RuntimeDirectory=systemd/netif", or after
-         * systemd-tmpfiles-setup.service. */
-        r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid, MKDIR_WARN_MODE);
-        if (r < 0)
-                log_warning_errno(r, "Could not create runtime directory: %m");
-
         /* Drop privileges, but only if we have been started as root. If we are not running as root we assume all
-         * privileges are already dropped. */
+         * privileges are already dropped and we can't create our runtime directory. */
         if (geteuid() == 0) {
+                const char *user = "systemd-network";
+                uid_t uid;
+                gid_t gid;
+
+                r = get_user_creds(&user, &uid, &gid, NULL, NULL, 0);
+                if (r < 0)
+                        return log_error_errno(r, "Cannot resolve user name %s: %m", user);
+
+                /* Create runtime directory. This is not necessary when networkd is
+                 * started with "RuntimeDirectory=systemd/netif", or after
+                 * systemd-tmpfiles-setup.service. */
+                r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid, MKDIR_WARN_MODE);
+                if (r < 0)
+                        log_warning_errno(r, "Could not create runtime directory: %m");
+
                 r = drop_privileges(uid, gid,
                                     (1ULL << CAP_NET_ADMIN) |
                                     (1ULL << CAP_NET_BIND_SERVICE) |
@@ -57,15 +58,15 @@ static int run(int argc, char *argv[]) {
         /* Always create the directories people can create inotify watches in.
          * It is necessary to create the following subdirectories after drop_privileges()
          * to support old kernels not supporting AmbientCapabilities=. */
-        r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid, MKDIR_WARN_MODE);
+        r = mkdir_safe_label("/run/systemd/netif/links", 0755, UID_INVALID, GID_INVALID, MKDIR_WARN_MODE);
         if (r < 0)
                 log_warning_errno(r, "Could not create runtime directory 'links': %m");
 
-        r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid, MKDIR_WARN_MODE);
+        r = mkdir_safe_label("/run/systemd/netif/leases", 0755, UID_INVALID, GID_INVALID, MKDIR_WARN_MODE);
         if (r < 0)
                 log_warning_errno(r, "Could not create runtime directory 'leases': %m");
 
-        r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, uid, gid, MKDIR_WARN_MODE);
+        r = mkdir_safe_label("/run/systemd/netif/lldp", 0755, UID_INVALID, GID_INVALID, MKDIR_WARN_MODE);
         if (r < 0)
                 log_warning_errno(r, "Could not create runtime directory 'lldp': %m");