core: drop implicit support of PrivateUsers=off

Follow-up for fa693fdc7e.

The documentation says the option takes a boolean or one of "self" and
"identity", but the parser uses private_users_from_string(), which
also accepts "off". Let's drop the implicit support of "off".
Yu Watanabe
2024-10-07 13:40:55 +09:00
parent 2b577d598b
commit edd3f4d9b7
5 changed files with 9 additions and 9 deletions


@@ -1967,7 +1967,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
<term><varname>PrivateUsers=</varname></term>
<listitem><para>Takes a boolean argument or one of <literal>self</literal> or
<literal>identity</literal>. Defaults to off. If enabled, sets up a new user namespace for the
<literal>identity</literal>. Defaults to false. If enabled, sets up a new user namespace for the
executed processes and configures a user and group mapping. If set to a true value or
<literal>self</literal>, a minimal user and group mapping is configured that maps the
<literal>root</literal> user and group as well as the unit's own user and group to themselves and


@@ -1038,7 +1038,7 @@ static int property_get_private_users(
sd_bus_error *error) {
PrivateUsers *p = ASSERT_PTR(userdata);
int b = *p != PRIVATE_USERS_OFF;
int b = *p != PRIVATE_USERS_NO;
return sd_bus_message_append_basic(reply, 'b', &b);
}
@@ -1882,7 +1882,7 @@ int bus_exec_context_set_transient_property(
return r;
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
c->private_users = v ? PRIVATE_USERS_SELF : PRIVATE_USERS_OFF;
c->private_users = v ? PRIVATE_USERS_SELF : PRIVATE_USERS_NO;
(void) unit_write_settingf(u, flags, name, "%s=%s", name, yes_no(v));
}


@@ -2096,7 +2096,7 @@ static int setup_private_users(PrivateUsers private_users, uid_t ouid, gid_t ogi
* For unprivileged users (i.e. without capabilities), the root to root mapping is excluded. As such, it
* does not need CAP_SETUID to write the single line mapping to itself. */
if (private_users == PRIVATE_USERS_OFF)
if (private_users == PRIVATE_USERS_NO)
return 0;
if (private_users == PRIVATE_USERS_IDENTITY) {
@@ -3851,7 +3851,7 @@ static bool exec_context_need_unprivileged_private_users(
if (params->runtime_scope != RUNTIME_SCOPE_USER)
return false;
return context->private_users != PRIVATE_USERS_OFF ||
return context->private_users != PRIVATE_USERS_NO ||
context->private_tmp != PRIVATE_TMP_OFF ||
context->private_devices ||
context->private_network ||
@@ -4762,13 +4762,13 @@ int exec_invoke(
* Users with CAP_SYS_ADMIN can set up user namespaces last because they will be able to
* set up all of the other namespaces (i.e. network, mount, UTS) without a user namespace. */
PrivateUsers pu = context->private_users;
if (pu == PRIVATE_USERS_OFF)
if (pu == PRIVATE_USERS_NO)
pu = PRIVATE_USERS_SELF;
r = setup_private_users(pu, saved_uid, saved_gid, uid, gid);
/* If it was requested explicitly and we can't set it up, fail early. Otherwise, continue and let
* the actual requested operations fail (or silently continue). */
if (r < 0 && context->private_users != PRIVATE_USERS_OFF) {
if (r < 0 && context->private_users != PRIVATE_USERS_NO) {
*exit_status = EXIT_USER;
return log_exec_error_errno(context, params, r, "Failed to set up user namespacing for unprivileged user: %m");
}


@@ -3229,7 +3229,7 @@ static const char* const private_tmp_table[_PRIVATE_TMP_MAX] = {
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(private_tmp, PrivateTmp, PRIVATE_TMP_CONNECTED);
static const char* const private_users_table[_PRIVATE_USERS_MAX] = {
[PRIVATE_USERS_OFF] = "off",
[PRIVATE_USERS_NO] = "no",
[PRIVATE_USERS_SELF] = "self",
[PRIVATE_USERS_IDENTITY] = "identity",
};
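Review bot: The lookup macro for `private_users_table` is outside this hunk, so it is not visible whether `private_users_from_string()` falls back to boolean parsing the way the `private_tmp` line above does via `DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN`. If it does, `off` is presumably still accepted as an ordinary boolean false, and the only observable change is that `private_users_to_string()` now emits `no` instead of `off`. That matches the documented "boolean" wording but is narrower than the commit title suggests. A test should pin the intended result of `private_users_from_string("off")` alongside `assert_se(streq(private_users_to_string(PRIVATE_USERS_NO), "no"));`, so this sandboxing option's accepted spellings cannot drift unnoticed. Anything that stores or compares the old `off` output should also be checked.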


@@ -62,7 +62,7 @@ typedef enum PrivateTmp {
} PrivateTmp;
typedef enum PrivateUsers {
PRIVATE_USERS_OFF,
PRIVATE_USERS_NO,
PRIVATE_USERS_SELF,
PRIVATE_USERS_IDENTITY,
_PRIVATE_USERS_MAX,