From 11b982053bdc31806e571ea0771d7f10cb276d69 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 6 Mar 2025 14:15:34 +0100
Subject: [PATCH] load-fragment: Fix config_parse_namespace_flags() for
 DelegateNamespaces=

Boolean values have to be handled separately for RestrictNamespaces= because
they get stored in a field with reverse meaning (which namespaces are retained),
so let's check which field we're parsing and set the proper value accordingly.
---
 src/core/load-fragment.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 2eb3ed4cf4..60e7c2f50d 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -3593,10 +3593,13 @@ int config_parse_namespace_flags(
         /* Boolean parameter ignores the previous settings */
         r = parse_boolean(rvalue);
         if (r > 0) {
-                *flags = 0;
+                /* RestrictNamespaces= value gets stored into a field with reverse semantics (the namespaces
+                 * which are retained), so RestrictNamespaces=true means we retain no access to any
+                 * namespaces and vice-versa. */
+                *flags = streq(lvalue, "RestrictNamespaces") ? 0 : all;
                 return 0;
         } else if (r == 0) {
-                *flags = all;
+                *flags = streq(lvalue, "RestrictNamespaces") ? all : 0;
                 return 0;
         }