executor: check for all permission related errnos when setting up IPC namespace

Denials from AppArmor are raised as EACCES, so EPERM is not enough. Do the same check as PrivateNetwork above. Fixes https://github.com/systemd/systemd/issues/31037 Related to 06384eb3c5
2024-07-08 20:15:55 +00:00 · 2024-05-27 01:52:11 +01:00 · 2024-05-27 01:52:11 +01:00 · cafe40ec82
commit cafe40ec82
parent e8b81df8b2
1 changed files with 1 additions and 1 deletions
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@ -4753,7 +4753,7 @@ int exec_invoke(

                if (ns_type_supported(NAMESPACE_IPC)) {
                        r = setup_shareable_ns(runtime->shared->ipcns_storage_socket, CLONE_NEWIPC);
-                        if (r == -EPERM)
+                        if (ERRNO_IS_NEG_PRIVILEGE(r))
                                log_exec_warning_errno(context, params, r,
                                                       "PrivateIPC=yes is configured, but IPC namespace setup failed, ignoring: %m");
                        else if (r < 0) {