diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch index 4e9e71765aef..493a9d266d7a 100644 --- a/pkgs/os-specific/linux/systemd/fixes.patch +++ b/pkgs/os-specific/linux/systemd/fixes.patch @@ -26,6 +26,45 @@ index 41605ee..8517369 100644 if (switch_root_dir) args[i++] = "--switched-root"; args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user"; +diff --git a/src/core/socket.c b/src/core/socket.c +index 7c18a2b..eba67d5 100644 +--- a/src/core/socket.c ++++ b/src/core/socket.c +@@ -663,16 +663,25 @@ static int instance_from_socket(int fd, unsigned nr, char **instance) { + int k; + + k = getpeercred(fd, &ucred); +- if (k < 0) ++ if (k == -ENODATA) { ++ /* This handles the case where somebody is ++ * connecting from another pid/uid namespace ++ * (e.g. from outside of our container). */ ++ if (asprintf(&r, ++ "%u-unknown", ++ nr) < 0) ++ return -ENOMEM; ++ } ++ else if (k < 0) + return k; +- +- if (asprintf(&r, +- "%u-%lu-%lu", +- nr, +- (unsigned long) ucred.pid, +- (unsigned long) ucred.uid) < 0) +- return -ENOMEM; +- ++ else { ++ if (asprintf(&r, ++ "%u-%lu-%lu", ++ nr, ++ (unsigned long) ucred.pid, ++ (unsigned long) ucred.uid) < 0) ++ return -ENOMEM; ++ } + break; + } + diff --git a/src/core/umount.c b/src/core/umount.c index d1258f0..0311812 100644 --- a/src/core/umount.c