load-fragment: Fix config_parse_namespace_flags() for DelegateNamespaces= (#36633)

Boolean values have to be handled separately for RestrictNamespaces=
because
they get stored in a field with reverse meaning (which namespaces are
retained),
so let's check which field we're parsing and set the proper value
accordingly.

src/core/load-fragment.c

@@ -3593,10 +3593,13 @@ int config_parse_namespace_flags(
         /* Boolean parameter ignores the previous settings */
         r = parse_boolean(rvalue);
         if (r > 0) {
-                *flags = 0;
+                /* RestrictNamespaces= value gets stored into a field with reverse semantics (the namespaces
+                 * which are retained), so RestrictNamespaces=true means we retain no access to any
+                 * namespaces and vice-versa. */
+                *flags = streq(lvalue, "RestrictNamespaces") ? 0 : all;
                 return 0;
         } else if (r == 0) {
-                *flags = all;
+                *flags = streq(lvalue, "RestrictNamespaces") ? all : 0;
                 return 0;
         }
 

src/portable/profile/default/service.conf

@@ -24,6 +24,7 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 RestrictRealtime=yes
 RestrictNamespaces=yes
+DelegateNamespaces=no
 SystemCallFilter=@system-service
 SystemCallErrorNumber=EPERM
 SystemCallArchitectures=native

src/portable/profile/nonetwork/service.conf

@@ -22,6 +22,7 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 RestrictRealtime=yes
 RestrictNamespaces=yes
+DelegateNamespaces=no
 SystemCallFilter=@system-service
 SystemCallErrorNumber=EPERM
 SystemCallArchitectures=native

src/portable/profile/strict/service.conf

@@ -20,6 +20,7 @@ NoNewPrivileges=yes
 MemoryDenyWriteExecute=yes
 RestrictRealtime=yes
 RestrictNamespaces=yes
+DelegateNamespaces=no
 SystemCallFilter=@system-service
 SystemCallErrorNumber=EPERM
 SystemCallArchitectures=native