From ccabee0d6465f06b9d339cf449fd8eea0db13373 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 22 Apr 2016 14:10:09 +0200
Subject: nspawn: make -U a tiny bit smarter

With this change -U will turn on user namespacing only if the kernel actually
supports it and otherwise gracefully degrade to non-userns mode.
---
 src/nspawn/nspawn.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'src/nspawn')

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 40e3d5a3fe..c8a7ec71a3 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -866,11 +866,14 @@ static int parse_argv(int argc, char *argv[]) {
                         break;
 
                 case 'U':
-                        arg_userns_mode = USER_NAMESPACE_PICK;
-                        arg_uid_shift = UID_INVALID;
-                        arg_uid_range = UINT32_C(0x10000);
+                        if (userns_supported()) {
+                                arg_userns_mode = USER_NAMESPACE_PICK;
+                                arg_uid_shift = UID_INVALID;
+                                arg_uid_range = UINT32_C(0x10000);
+
+                                arg_settings_mask |= SETTING_USERNS;
+                        }
 
-                        arg_settings_mask |= SETTING_USERNS;
                         break;
 
                 case ARG_PRIVATE_USERS_CHOWN:
@@ -990,7 +993,7 @@ static int parse_argv(int argc, char *argv[]) {
                 return -EINVAL;
         }
 
-        if (arg_userns_mode != USER_NAMESPACE_NO && access("/proc/self/uid_map", F_OK) < 0) {
+        if (arg_userns_mode != USER_NAMESPACE_NO && !userns_supported()) {
                 log_error("--private-users= is not supported, kernel compiled without user namespace support.");
                 return -EOPNOTSUPP;
         }
-- 
cgit v1.2.3-54-g00ecf