core: allow to run generators without sandboxing on qemu-user

When running on non-native userland architecture via systemd-nspawn and qemu-user-static QEMU-emulator, clone() with CLONE_NEWNS fails with EINVAL. Fixes #28901. [zjs: add a comment in the code] (cherry picked from commit 4680187)
systemd · Sep 6, 2023 · d4681ee · d4681ee
1 parent c11654a
commit d4681ee
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/src/core/manager.c b/src/core/manager.c
@@ -4034,13 +4034,20 @@ static int manager_run_generators(Manager *m) {
                 _exit(r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE);
         }
         if (r < 0) {
-                if (!ERRNO_IS_PRIVILEGE(r)) {
+                if (!ERRNO_IS_PRIVILEGE(r) && r != -EINVAL) {
                         log_error_errno(r, "Failed to fork off sandboxing environment for executing generators: %m");
                         goto finish;
                 }
 
                 /* Failed to fork with new mount namespace? Maybe, running in a container environment with
-                 * seccomp or without capability. */
+                 * seccomp or without capability.
+                 *
+                 * We also allow -EINVAL to allow running without CLONE_NEWNS.
+                 *
+                 * Also, when running on non-native userland architecture via systemd-nspawn and
+                 * qemu-user-static QEMU-emulator, clone() with CLONE_NEWNS fails with EINVAL, see
+                 * https://github.com/systemd/systemd/issues/28901.
+                 */
                 log_debug_errno(r,
                                 "Failed to fork off sandboxing environment for executing generators. "
                                 "Falling back to execute generators without sandboxing: %m");