src/basic/cgroup-util.h

@@ -216,7 +216,7 @@ static inline int cg_pidref_get_unit(const PidRef *pidref, char **ret_unit) {
 }
 int cg_pid_get_user_unit_full(pid_t pid, char **ret_unit, char **ret_subgroup);
 static inline int cg_pid_get_user_unit(pid_t pid, char **ret_unit) {
-        return cg_pid_get_user_unit_full(pid, ret_unit, NULL);
+        return cg_pid_get_unit_full(pid, ret_unit, NULL);
 }
 int cg_pidref_get_user_unit_full(const PidRef *pidref, char **ret_unit, char **ret_subgroup);
 static inline int cg_pidref_get_user_unit(const PidRef *pidref, char **ret_unit) {

src/core/exec-invoke.c

@@ -4607,7 +4607,7 @@ static int setup_delegated_namespaces(
                 bool delegate,
                 const char *memory_pressure_path,
                 uid_t uid,
-                gid_t gid,
+                uid_t gid,
                 const ExecCommand *command,
                 bool needs_sandboxing,
                 bool have_cap_sys_admin,

src/libsystemd/sd-login/test-login.c

@@ -59,9 +59,6 @@ TEST(login) {
         log_info("sd_pid_get_user_unit(0, …) → %s / \"%s\"", e(r), strnull(user_unit));
         assert_se(IN_SET(r, 0, -ENODATA));
 
-        /* Coverage for https://github.com/systemd/systemd/issues/39949 */
-        assert_se(!unit || !user_unit || !streq(unit, user_unit));
-
         r = sd_pid_get_slice(0, &slice);
         log_info("sd_pid_get_slice(0, …) → %s / \"%s\"", e(r), strnull(slice));
         assert_se(IN_SET(r, 0, -ENODATA));

src/machine/machined-dbus.c

@@ -270,33 +270,12 @@ static int machine_add_from_params(
                 return r;
 
         /* Ensure an unprivileged user cannot claim any process they don't control as their own machine */
-        switch (manager->runtime_scope) {
+        if (uid != 0) {
-
-        case RUNTIME_SCOPE_SYSTEM:
-                /* In system mode root may register anything */
-                if (uid == 0)
-                        break;
-
-                /* And non-root may only register things if they own the userns */
                 r = process_is_owned_by_uid(leader_pidref, uid);
                 if (r < 0)
                         return r;
-                if (r > 0)
+                if (r == 0)
-                        break;
+                        return sd_bus_error_set(error, SD_BUS_ERROR_ACCESS_DENIED, "Only root may register machines for other users");
-
-                /* Nothing else may */
-                return sd_bus_error_set(error, SD_BUS_ERROR_ACCESS_DENIED, "Only root may register machines for other users");
-
-        case RUNTIME_SCOPE_USER:
-                /* In user mode the user owning our instance may register anything. */
-                if (uid == getuid())
-                        break;
-
-                /* Nothing else may */
-                return sd_bus_error_set(error, SD_BUS_ERROR_ACCESS_DENIED, "Other users may not register machines with us, sorry.");
-
-        default:
-                assert_not_reached();
         }
 
         if (manager->runtime_scope != RUNTIME_SCOPE_USER) {