Two trivial nspawn fixes (#38152)

2026-04-14 00:14:32 +09:00 · 2025-07-10 16:19:18 +02:00
parent 1f24a954e4 4f54d81ace
commit 6a9cb1936f
2 changed files with 5 additions and 2 deletions
--- a/src/nspawn/nspawn-bind-user.c
+++ b/src/nspawn/nspawn-bind-user.c
@@ -269,7 +269,10 @@ int bind_user_prepare(
                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot bind user with no UID, refusing.");

                if (u->uid >= uid_shift && u->uid < uid_shift + uid_range)
-                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "UID of user '%s' to map is already in container UID range, refusing.", u->user_name);
+                        return log_error_errno(
+                                        SYNTHETIC_ERRNO(EINVAL),
+                                        "UID "UID_FMT" of user '%s' to map is already in container UID range ("UID_FMT" - "UID_FMT"), refusing.",
+                                        u->uid, u->user_name, uid_shift, uid_shift + uid_range);

                r = groupdb_by_gid(user_record_gid(u), /* match= */ NULL, USERDB_DONT_SYNTHESIZE_INTRINSIC|USERDB_DONT_SYNTHESIZE_FOREIGN, &g);
                if (r < 0)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2485,7 +2485,7 @@ static int setup_credentials(const char *root) {
                if (fchmod(fd, world_readable ? 0444 : 0400) < 0)
                        return log_error_errno(errno, "Failed to adjust access mode of %s: %m", j);

-                if (arg_userns_mode != USER_NAMESPACE_NO)
+                if (in_child_chown())
                        if (fchown(fd, arg_uid_shift, arg_uid_shift) < 0)
                                return log_error_errno(errno, "Failed to adjust ownership of %s: %m", j);
        }