mirror of
https://github.com/systemd/systemd
synced 2024-10-06 16:21:34 +00:00
executor: check for all permission related errnos when setting up IPC namespace
Denials from AppArmor are raised as EACCES, so EPERM is not enough. Do
the same check as PrivateNetwork above.
Fixes https://github.com/systemd/systemd/issues/31037
Related to 06384eb3c5
This commit is contained in:
parent
e8b81df8b2
commit
cafe40ec82
|
@ -4753,7 +4753,7 @@ int exec_invoke(
|
|||
|
||||
if (ns_type_supported(NAMESPACE_IPC)) {
|
||||
r = setup_shareable_ns(runtime->shared->ipcns_storage_socket, CLONE_NEWIPC);
|
||||
if (r == -EPERM)
|
||||
if (ERRNO_IS_NEG_PRIVILEGE(r))
|
||||
log_exec_warning_errno(context, params, r,
|
||||
"PrivateIPC=yes is configured, but IPC namespace setup failed, ignoring: %m");
|
||||
else if (r < 0) {
|
||||
|
|
Loading…
Reference in a new issue