core: DelegateNamespaces= does not depend on seccomp (#36580)

2026-04-14 00:14:32 +09:00 · 2025-03-02 11:23:36 -08:00
parent f2e38b01e0
commit 241a0f6e0a
2 changed files with 3 additions and 3 deletions
--- a/src/core/load-fragment-gperf.gperf.in
+++ b/src/core/load-fragment-gperf.gperf.in
@@ -74,7 +74,6 @@
 {{type}}.SystemCallLog,                       config_parse_syscall_log,                           0,                                  offsetof({{type}}, exec_context)
 {{type}}.MemoryDenyWriteExecute,              config_parse_bool,                                  0,                                  offsetof({{type}}, exec_context.memory_deny_write_execute)
 {{type}}.RestrictNamespaces,                  config_parse_namespace_flags,                       0,                                  offsetof({{type}}, exec_context.restrict_namespaces)
-{{type}}.DelegateNamespaces,                  config_parse_namespace_flags,                       0,                                  offsetof({{type}}, exec_context.delegate_namespaces)
 {{type}}.RestrictRealtime,                    config_parse_bool,                                  0,                                  offsetof({{type}}, exec_context.restrict_realtime)
 {{type}}.RestrictSUIDSGID,                    config_parse_bool,                                  0,                                  offsetof({{type}}, exec_context.restrict_suid_sgid)
 {{type}}.RestrictAddressFamilies,             config_parse_address_families,                      0,                                  offsetof({{type}}, exec_context)
@@ -91,6 +90,7 @@
 {{type}}.RestrictAddressFamilies,             config_parse_warn_compat,                           DISABLED_CONFIGURATION,             0
 {{type}}.LockPersonality,                     config_parse_warn_compat,                           DISABLED_CONFIGURATION,             0
 {% endif %}
+{{type}}.DelegateNamespaces,                  config_parse_namespace_flags,                       0,                                  offsetof({{type}}, exec_context.delegate_namespaces)
 {{type}}.RestrictFileSystems,                 config_parse_restrict_filesystems,                  0,                                  offsetof({{type}}, exec_context)
 {{type}}.LimitCPU,                            config_parse_rlimit,                                RLIMIT_CPU,                         offsetof({{type}}, exec_context.rlimit)
 {{type}}.LimitFSIZE,                          config_parse_rlimit,                                RLIMIT_FSIZE,                       offsetof({{type}}, exec_context.rlimit)
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -3565,6 +3565,7 @@ int config_parse_address_families(
                        set_remove(c->address_families, INT_TO_PTR(af));
        }
 }
+#endif

 int config_parse_namespace_flags(
                const char *unit,
@@ -3628,7 +3629,6 @@ int config_parse_namespace_flags(

        return 0;
 }
-#endif

 int config_parse_restrict_filesystems(
                const char *unit,
@@ -6367,8 +6367,8 @@ void unit_dump_config_items(FILE *f) {
                { config_parse_syscall_errno,         "ERRNO" },
                { config_parse_syscall_log,           "SYSCALLS" },
                { config_parse_address_families,      "FAMILIES" },
-                { config_parse_namespace_flags,       "NAMESPACES" },
 #endif
+                { config_parse_namespace_flags,       "NAMESPACES" },
                { config_parse_restrict_filesystems,  "FILESYSTEMS"  },
                { config_parse_cpu_shares,            "SHARES" },
                { config_parse_cg_weight,             "WEIGHT" },