diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index c8ca543b45..6764f89b02 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -1967,7 +1967,7 @@ BindReadOnlyPaths=/var/lib/systemd
PrivateUsers=
Takes a boolean argument or one of self or
- identity. Defaults to off. If enabled, sets up a new user namespace for the
+ identity. Defaults to false. If enabled, sets up a new user namespace for the
executed processes and configures a user and group mapping. If set to a true value or
self, a minimal user and group mapping is configured that maps the
root user and group as well as the unit's own user and group to themselves and
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index d42d785f19..08c1acf397 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1038,7 +1038,7 @@ static int property_get_private_users(
sd_bus_error *error) {
PrivateUsers *p = ASSERT_PTR(userdata);
- int b = *p != PRIVATE_USERS_OFF;
+ int b = *p != PRIVATE_USERS_NO;
return sd_bus_message_append_basic(reply, 'b', &b);
}
@@ -1882,7 +1882,7 @@ int bus_exec_context_set_transient_property(
return r;
if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
- c->private_users = v ? PRIVATE_USERS_SELF : PRIVATE_USERS_OFF;
+ c->private_users = v ? PRIVATE_USERS_SELF : PRIVATE_USERS_NO;
(void) unit_write_settingf(u, flags, name, "%s=%s", name, yes_no(v));
}
diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index 2bd43a95dd..499ac4d4c6 100644
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -2096,7 +2096,7 @@ static int setup_private_users(PrivateUsers private_users, uid_t ouid, gid_t ogi
* For unprivileged users (i.e. without capabilities), the root to root mapping is excluded. As such, it
* does not need CAP_SETUID to write the single line mapping to itself. */
- if (private_users == PRIVATE_USERS_OFF)
+ if (private_users == PRIVATE_USERS_NO)
return 0;
if (private_users == PRIVATE_USERS_IDENTITY) {
@@ -3851,7 +3851,7 @@ static bool exec_context_need_unprivileged_private_users(
if (params->runtime_scope != RUNTIME_SCOPE_USER)
return false;
- return context->private_users != PRIVATE_USERS_OFF ||
+ return context->private_users != PRIVATE_USERS_NO ||
context->private_tmp != PRIVATE_TMP_OFF ||
context->private_devices ||
context->private_network ||
@@ -4762,13 +4762,13 @@ int exec_invoke(
* Users with CAP_SYS_ADMIN can set up user namespaces last because they will be able to
* set up all of the other namespaces (i.e. network, mount, UTS) without a user namespace. */
PrivateUsers pu = context->private_users;
- if (pu == PRIVATE_USERS_OFF)
+ if (pu == PRIVATE_USERS_NO)
pu = PRIVATE_USERS_SELF;
r = setup_private_users(pu, saved_uid, saved_gid, uid, gid);
/* If it was requested explicitly and we can't set it up, fail early. Otherwise, continue and let
* the actual requested operations fail (or silently continue). */
- if (r < 0 && context->private_users != PRIVATE_USERS_OFF) {
+ if (r < 0 && context->private_users != PRIVATE_USERS_NO) {
*exit_status = EXIT_USER;
return log_exec_error_errno(context, params, r, "Failed to set up user namespacing for unprivileged user: %m");
}
diff --git a/src/core/namespace.c b/src/core/namespace.c
index b7fe4ffbcc..6909fb4a06 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -3229,7 +3229,7 @@ static const char* const private_tmp_table[_PRIVATE_TMP_MAX] = {
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(private_tmp, PrivateTmp, PRIVATE_TMP_CONNECTED);
static const char* const private_users_table[_PRIVATE_USERS_MAX] = {
- [PRIVATE_USERS_OFF] = "off",
+ [PRIVATE_USERS_NO] = "no",
[PRIVATE_USERS_SELF] = "self",
[PRIVATE_USERS_IDENTITY] = "identity",
};
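Review bot: Changing the `private_users_table` entry from "off" to "no" alters runtime strings, not only the enum name, so the value emitted for `PRIVATE_USERS_NO` changes and anything that stored or compares against "off" is affected. Whether "off" is still accepted on input depends on the lookup definition for this table, which lies below the hunk and is not visible here. If it is a plain string-table lookup, an existing `PrivateUsers=off` would stop parsing; presumably it should mirror `private_tmp` above, e.g. `DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(private_users, PrivateUsers, PRIVATE_USERS_SELF);`, so every boolean spelling maps to the same value. Because this setting decides whether a unit gets a user namespace, I would add a comment on the table such as `/* "no" is the canonical spelling; other boolean spellings are handled by the boolean-aware lookup */` and a test that "off", "no" and "false" all yield `PRIVATE_USERS_NO`.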
diff --git a/src/core/namespace.h b/src/core/namespace.h
index ad62db6490..d158b8b515 100644
--- a/src/core/namespace.h
+++ b/src/core/namespace.h
@@ -62,7 +62,7 @@ typedef enum PrivateTmp {
} PrivateTmp;
typedef enum PrivateUsers {
- PRIVATE_USERS_OFF,
+ PRIVATE_USERS_NO,
PRIVATE_USERS_SELF,
PRIVATE_USERS_IDENTITY,
_PRIVATE_USERS_MAX,