executor: check for all permission related errnos when setting up IPC…

… namespace Denials from AppArmor are raised as EACCES, so EPERM is not enough. Do the same check as PrivateNetwork above. Fixes systemd/systemd#31037 Related to 06384eb (cherry picked from commit cafe40e)
systemd · May 27, 2024 · e481710 · e481710
1 parent 632b493
commit e481710
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
@@ -4639,7 +4639,7 @@ int exec_invoke(
 
                 if (ns_type_supported(NAMESPACE_IPC)) {
                         r = setup_shareable_ns(runtime->shared->ipcns_storage_socket, CLONE_NEWIPC);
-                        if (r == -EPERM)
+                        if (ERRNO_IS_NEG_PRIVILEGE(r))
                                 log_exec_warning_errno(context, params, r,
                                                        "PrivateIPC=yes is configured, but IPC namespace setup failed, ignoring: %m");
                         else if (r < 0) {