From 6f60ce002bce0ac155c263765ff272a4b28456cc Mon Sep 17 00:00:00 2001 From: DaanDeMeyer Date: Fri, 4 Jul 2025 21:21:25 +0200 Subject: [PATCH 1/2] nspawn: Improve log message --- src/nspawn/nspawn-bind-user.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/nspawn/nspawn-bind-user.c b/src/nspawn/nspawn-bind-user.c index e7d976d199..a17365d497 100644 --- a/src/nspawn/nspawn-bind-user.c +++ b/src/nspawn/nspawn-bind-user.c @@ -269,7 +269,10 @@ int bind_user_prepare( return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Cannot bind user with no UID, refusing."); if (u->uid >= uid_shift && u->uid < uid_shift + uid_range) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "UID of user '%s' to map is already in container UID range, refusing.", u->user_name); + return log_error_errno( + SYNTHETIC_ERRNO(EINVAL), + "UID "UID_FMT" of user '%s' to map is already in container UID range ("UID_FMT" - "UID_FMT"), refusing.", + u->uid, u->user_name, uid_shift, uid_shift + uid_range); r = groupdb_by_gid(user_record_gid(u), /* match= */ NULL, USERDB_DONT_SYNTHESIZE_INTRINSIC|USERDB_DONT_SYNTHESIZE_FOREIGN, &g); if (r < 0) From 4f54d81ace6ca0284d9cab68249c65d7c0b903ce Mon Sep 17 00:00:00 2001 From: DaanDeMeyer Date: Fri, 4 Jul 2025 21:21:35 +0200 Subject: [PATCH 2/2] nspawn: Use in_child_chown() in one more place --- src/nspawn/nspawn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index f0cfd4f1aa..efe6e535c4 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -2485,7 +2485,7 @@ static int setup_credentials(const char *root) { if (fchmod(fd, world_readable ? 0444 : 0400) < 0) return log_error_errno(errno, "Failed to adjust access mode of %s: %m", j); - if (arg_userns_mode != USER_NAMESPACE_NO) + if (in_child_chown()) if (fchown(fd, arg_uid_shift, arg_uid_shift) < 0) return log_error_errno(errno, "Failed to adjust ownership of %s: %m", j); }