From eb14b993bb426b67553babb48de75bec30063a4c Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 23 Nov 2024 06:08:48 +0900 Subject: namespace-util: handle -ENOSPC by userns_acquire() gracefully in is_idmapping_supported() Follow-up for edae62120f13b24d51812d1d7c0ab24acb420305. Fixes #35311. --- src/basic/namespace-util.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src') diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c index 2c61506149..1d566f59e8 100644 --- a/src/basic/namespace-util.c +++ b/src/basic/namespace-util.c @@ -531,6 +531,10 @@ int is_idmapping_supported(const char *path) { userns_fd = userns_acquire(uid_map, gid_map); if (ERRNO_IS_NEG_NOT_SUPPORTED(userns_fd) || ERRNO_IS_NEG_PRIVILEGE(userns_fd)) return false; + if (userns_fd == -ENOSPC) { + log_debug_errno(userns_fd, "Failed to acquire new user namespace, user.max_user_namespaces seems to be exhausted or maybe even zero, assuming ID-mapping is not supported: %m"); + return false; + } if (userns_fd < 0) return log_debug_errno(userns_fd, "ID-mapping supported namespace acquire failed for '%s' : %m", path); -- cgit v1.2.3 From 2994ca354bafa4c79d13ce168348c035e6e0428a Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sat, 23 Nov 2024 06:10:32 +0900 Subject: namespace-util: update log messages --- src/basic/namespace-util.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c index 1d566f59e8..5e8908216c 100644 --- a/src/basic/namespace-util.c +++ b/src/basic/namespace-util.c @@ -536,19 +536,19 @@ int is_idmapping_supported(const char *path) { return false; } if (userns_fd < 0) - return log_debug_errno(userns_fd, "ID-mapping supported namespace acquire failed for '%s' : %m", path); + return log_debug_errno(userns_fd, "Failed to acquire new user namespace for checking if '%s' supports ID-mapping: %m", path); dir_fd = RET_NERRNO(open(path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW)); if (ERRNO_IS_NEG_NOT_SUPPORTED(dir_fd)) return false; if (dir_fd < 0) - return log_debug_errno(dir_fd, "ID-mapping supported open failed for '%s' : %m", path); + return log_debug_errno(dir_fd, "Failed to open '%s', cannot determine if ID-mapping is supported: %m", path); mount_fd = RET_NERRNO(open_tree(dir_fd, "", AT_EMPTY_PATH | OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC)); if (ERRNO_IS_NEG_NOT_SUPPORTED(mount_fd) || ERRNO_IS_NEG_PRIVILEGE(mount_fd) || mount_fd == -EINVAL) return false; if (mount_fd < 0) - return log_debug_errno(mount_fd, "ID-mapping supported open_tree failed for '%s' : %m", path); + return log_debug_errno(mount_fd, "Failed to open mount tree '%s', cannot determine if ID-mapping is supported: %m", path); r = RET_NERRNO(mount_setattr(mount_fd, "", AT_EMPTY_PATH, &(struct mount_attr) { @@ -558,7 +558,7 @@ int is_idmapping_supported(const char *path) { if (ERRNO_IS_NEG_NOT_SUPPORTED(r) || ERRNO_IS_NEG_PRIVILEGE(r) || r == -EINVAL) return false; if (r < 0) - return log_debug_errno(r, "ID-mapping supported setattr failed for '%s' : %m", path); + return log_debug_errno(r, "Failed to set mount attribute to '%s', cannot determine if ID-mapping is supported: %m", path); return true; } -- cgit v1.2.3