test: consolidate checks for unpriv nspawn support in TEST-13-NSPAWN

[   69.058386] systemd-nspawn[4371]: varlink: Sending message: {"method":"io.systemd.NamespaceResource.AllocateUserRange","parameters":{"name":"nspawn-4371-zurps","mangleName":true,"size":65536,"userNamespaceFileDescriptor":0}}
[   69.058447] systemd-nsresourcework[4339]: varlink-6-6: Received message: {"method":"io.systemd.NamespaceResource.AllocateUserRange","parameters":{"name":"nspawn-4371-zurps","mangleName":true,"size":65536,"userNamespaceFileDescriptor":0}}
[   69.058455] systemd-nsresourcework[4339]: varlink-6-6: Changing state idle-server → processing-method
[   69.058479] systemd-nsresourcework[4339]: varlink-6-6: Sending message: {"error":"io.systemd.NamespaceResource.UserNamespaceInterfaceNotSupported","parameters":{}}
[   69.058482] systemd-nsresourcework[4339]: varlink-6-6: Changing state processing-method → processed-method
[   69.058486] systemd-nsresourcework[4339]: varlink-6-6: Changing state processed-method → idle-server
[   69.058599] systemd-nspawn[4371]: varlink: Received message: {"error":"io.systemd.NamespaceResource.UserNamespaceInterfaceNotSupported","parameters":{}}
[   69.058604] systemd-nspawn[4371]: varlink: Changing state calling → called
[   69.058609] systemd-nspawn[4371]: varlink: Changing state called → idle-client
[   69.058614] systemd-nspawn[4371]: Unprivileged user namespace delegation is not supported on this system.
[   69.058637] systemd-nsresourcework[4339]: varlink-6-6: Got POLLHUP from socket.
[   69.058647] systemd-nsresourcework[4339]: varlink-6-6: Changing state idle-server → pending-disconnect
[   69.058653] systemd-nsresourcework[4339]: varlink-6-6: Changing state pending-disconnect → processing-disconnect
[   69.058656] systemd-nsresourcework[4339]: varlink-6-6: Changing state processing-disconnect → disconnected
[   69.058698] systemd-nspawn[4371]: Failed to allocate user namespace with 64K users: Operation not supported
[   69.058779] systemd[4344]: systemd-nspawn@zurps.service: Got notification message from PID 4371: STOPPING=1, STATUS=Terminating...

Follow-up for bfd356da63

test/units/TEST-13-NSPAWN.nspawn.sh

@@ -1208,28 +1208,6 @@ EOF
     rm -fr "$root"
 }
 
-can_do_rootless_nspawn() {
-    # Our create_dummy_ddi() uses squashfs and openssl.
-    command -v mksquashfs &&
-    command -v openssl &&
-
-    # mountfsd must be enabled...
-    [[ -S /run/systemd/io.systemd.MountFileSystem ]] &&
-    # ...and have pidfd support for unprivileged operation.
-    systemd-analyze compare-versions "$(uname -r)" ge 6.5 &&
-    systemd-analyze compare-versions "$(pkcheck --version | awk '{print $3}')" ge 124 &&
-
-    # nsresourced must be enabled...
-    [[ -S /run/systemd/userdb/io.systemd.NamespaceResource ]] &&
-    # ...and must support the UserNamespaceInterface.
-    ! (SYSTEMD_LOG_TARGET=console varlinkctl call \
-           /run/systemd/userdb/io.systemd.NamespaceResource \
-           io.systemd.NamespaceResource.AllocateUserRange \
-           '{"name":"test-supported","size":65536,"userNamespaceFileDescriptor":0}' \
-           2>&1 || true) |
-        grep -q "io.systemd.NamespaceResource.UserNamespaceInterfaceNotSupported"
-}
-
 create_dummy_ddi() {
     local outdir="${1:?}"
     local container_name="${2:?}"

test/units/TEST-13-NSPAWN.unpriv.sh

@@ -7,12 +7,7 @@ set -o pipefail
 # shellcheck source=test/units/util.sh
 . "$(dirname "$0")"/util.sh
 
-if [[ ! -f /usr/lib/systemd/system/systemd-mountfsd.socket ]] ||
-   [[ ! -f /usr/lib/systemd/system/systemd-nsresourced.socket ]] ||
-   ! grep -q bpf /sys/kernel/security/lsm ||
-   ! find /usr/lib* -name libbpf.so.1 2>/dev/null | grep . ||
-   systemd-analyze compare-versions "$(uname -r)" lt 6.5 ||
-   systemd-analyze compare-versions "$(pkcheck --version | awk '{print $3}')" lt 124; then
+if ! can_do_rootless_nspawn; then
     echo "Skipping unpriv nspawn test"
     exit 0
 fi
@@ -25,8 +20,6 @@ at_exit() {
 
 trap at_exit EXIT
 
-systemctl start systemd-mountfsd.socket systemd-nsresourced.socket
-
 run0 -u testuser mkdir -p .local/state/machines
 
 create_dummy_container /home/testuser/.local/state/machines/zurps

test/units/util.sh

@@ -186,6 +186,36 @@ create_dummy_container() {
     coverage_create_nspawn_dropin "$root"
 }
 
+can_do_rootless_nspawn() {
+    # Our create_dummy_ddi() uses squashfs and openssl.
+    command -v mksquashfs &&
+    command -v openssl &&
+
+    # Need to have bpf-lsm
+    grep -q bpf /sys/kernel/security/lsm &&
+    # ...and libbpf installed
+    find /usr/lib* -name "libbpf.so.*" 2>/dev/null | grep -q . &&
+
+    # Ensure mountfsd/nsresourced are listening
+    systemctl start systemd-mountfsd.socket systemd-nsresourced.socket &&
+
+    # mountfsd must be enabled...
+    [[ -S /run/systemd/io.systemd.MountFileSystem ]] &&
+    # ...and have pidfd support for unprivileged operation.
+    systemd-analyze compare-versions "$(uname -r)" ge 6.5 &&
+    systemd-analyze compare-versions "$(pkcheck --version | awk '{print $3}')" ge 124 &&
+
+    # nsresourced must be enabled...
+    [[ -S /run/systemd/userdb/io.systemd.NamespaceResource ]] &&
+    # ...and must support the UserNamespaceInterface.
+    ! (SYSTEMD_LOG_TARGET=console varlinkctl call \
+           /run/systemd/userdb/io.systemd.NamespaceResource \
+           io.systemd.NamespaceResource.AllocateUserRange \
+           '{"name":"test-supported","size":65536,"userNamespaceFileDescriptor":0}' \
+           2>&1 || true) |
+        grep -q "io.systemd.NamespaceResource.UserNamespaceInterfaceNotSupported"
+}
+
 # Bump the reboot counter and call systemctl with the given arguments
 systemctl_final() {
     local counter