core/execute: do not use the negative errno when setup_namespace() returns -ENOANO

Without this, log shows meaningless error message 'No anode', e.g.,
===
Failed to unshare the mount namespace: Operation not permitted
foo.service: Failed to set up mount namespacing: No anode
foo.service: Failed at step NAMESPACE spawning /usr/bin/test: No anode
===

Follow-up for 1beab8b0d0ff2d7d1436b52d4a0c3d56dc908962.

diff --git a/src/core/execute.c b/src/core/execute.c
index 501b367..35dd389 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2400,12 +2400,16 @@ static int apply_mount_namespace(
          * that with a special, recognizable error ENOANO. In this case, silently proceeed, but only if exclusively
          * sandboxing options were used, i.e. nothing such as RootDirectory= or BindMount= that would result in a
          * completely different execution environment. */
-        if (r == -ENOANO &&
-            n_bind_mounts == 0 && context->n_temporary_filesystems == 0 &&
-            !root_dir && !root_image &&
-            !context->dynamic_user) {
-                log_unit_debug(u, "Failed to set up namespace, assuming containerized execution and ignoring.");
-                return 0;
+        if (r == -ENOANO) {
+                if (n_bind_mounts == 0 &&
+                    context->n_temporary_filesystems == 0 &&
+                    !root_dir && !root_image &&
+                    !context->dynamic_user) {
+                        log_unit_debug(u, "Failed to set up namespace, assuming containerized execution and ignoring.");
+                        return 0;
+                }
+
+                return -EOPNOTSUPP;
         }
 
         return r;