From d4681eee35af4662620bf815f423cce8e1d51350 Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Thu, 24 Aug 2023 23:10:26 +0900
Subject: [PATCH] core: allow to run generators without sandboxing on qemu-user

When running on non-native userland architecture via systemd-nspawn and qemu-user-static QEMU-emulator, clone() with CLONE_NEWNS fails with EINVAL.
Fixes #28901.
[zjs: add a comment in the code]
(cherry picked from commit 468018703ce1c0f123240fb6ba9b8b0b90f12930)
---
 src/core/manager.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 22ec6e79b17..dd708902a53 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -4034,13 +4034,20 @@ static int manager_run_generators(Manager *m) {
 _exit(r >= 0 ? EXIT_SUCCESS : EXIT_FAILURE);
 }
 if (r < 0) {
- if (!ERRNO_IS_PRIVILEGE(r)) {
+ if (!ERRNO_IS_PRIVILEGE(r) && r != -EINVAL) {
 log_error_errno(r, "Failed to fork off sandboxing environment for executing generators: %m");
 goto finish;
 }
 /* Failed to fork with new mount namespace? Maybe, running in a container environment with
- * seccomp or without capability. */
+ * seccomp or without capability.
+ *
+ * We also allow -EINVAL to allow running without CLONE_NEWNS.
+ *
+ * Also, when running on non-native userland architecture via systemd-nspawn and
+ * qemu-user-static QEMU-emulator, clone() with CLONE_NEWNS fails with EINVAL, see
+ * https://github.com/systemd/systemd/issues/28901.
+ */
 log_debug_errno(r,
 "Failed to fork off sandboxing environment for executing generators. "
 "Falling back to execute generators without sandboxing: %m");
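Review bot: The widened condition `!ERRNO_IS_PRIVILEGE(r) && r != -EINVAL` makes every -EINVAL from the fork a reason to run generators without the sandbox, yet the fallback is still reported only through `log_debug_errno`, so a lost sandbox on a native host would not show up at default log levels. The fork call itself is outside this hunk, so it cannot be confirmed here that the qemu-user CLONE_NEWNS case is the only source of -EINVAL; if another one exists, isolation for generators is dropped quietly. Consider raising the level for that case, for example `log_full_errno(r == -EINVAL ? LOG_NOTICE : LOG_DEBUG, r, ...)` with the existing message, so the degraded mode is visible to operators. The new comment line "We also allow -EINVAL to allow running without CLONE_NEWNS" would also be clearer if it named which caller or environment is expected to produce it. manager_run_generators starts and ends outside the hunk.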