From c78b06b1d23b95e4ea5f507a719bded6a2737581 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 26 Feb 2025 22:31:35 +0100 Subject: [PATCH 1/2] exec-invoke: Fix unshare() error handling Follow up for cd58b5a13537fc89b669ff9232ba2206214c9fa1 --- src/core/exec-invoke.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index 2cfff50afc..6929dc1c15 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -5182,10 +5182,9 @@ int exec_invoke( } if (needs_sandboxing && exec_needs_cgroup_namespace(context, params)) { - r = unshare(CLONE_NEWCGROUP); - if (r < 0) { + if (unshare(CLONE_NEWCGROUP) < 0) { *exit_status = EXIT_NAMESPACE; - return log_exec_error_errno(context, params, r, "Failed to set up cgroup namespacing: %m"); + return log_exec_error_errno(context, params, errno, "Failed to set up cgroup namespacing: %m"); } } From f215835cb88fd18fca68561b8ff1149632939e94 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 26 Feb 2025 22:34:33 +0100 Subject: [PATCH 2/2] exec-invoke: Fix invalid use of error variable Follow up for 406f1775017a5631bc91a1f53ac5e50f4fbfac0c --- src/core/exec-invoke.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index 6929dc1c15..10f425139b 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -5193,7 +5193,7 @@ int exec_invoke( if (needs_sandboxing && exec_needs_pid_namespace(context)) { if (params->pidref_transport_fd < 0) { *exit_status = EXIT_NAMESPACE; - return log_exec_error_errno(context, params, r, "PidRef socket is not set up: %m"); + return log_exec_error_errno(context, params, SYNTHETIC_ERRNO(ENOTCONN), "PidRef socket is not set up: %m"); } /* If we had CAP_SYS_ADMIN prior to joining the user namespace, then we are privileged and don't need