fix(bwrap): honor namespace fd 0

danielchristiancazares · danielchristiancazares · commit d58831b5e021 · 2026-02-22T22:05:12.000-08:00
Use -1 sentinel checks for --userns, --userns2, and --pidns so fd 0 is treated as a valid descriptor consistently.
diff --git a/bubblewrap.c b/bubblewrap.c
@@ -3112,7 +3112,7 @@ main (int    argc,
     }
 
   /* Switch to the custom user ns before the clone, gets us privs in that ns (assuming its a child of the current and thus allowed) */
-  if (opt_userns_fd > 0 && setns (opt_userns_fd, CLONE_NEWUSER) != 0)
+  if (opt_userns_fd != -1 && setns (opt_userns_fd, CLONE_NEWUSER) != 0)
     {
       if (errno == EINVAL)
         die ("Joining the specified user namespace failed, it might not be a descendant of the current user namespace.");
@@ -3178,7 +3178,7 @@ main (int    argc,
 
       /* Initial launched process, wait for pid 1 or exec:ed command to exit */
 
-      if (opt_userns2_fd > 0 && setns (opt_userns2_fd, CLONE_NEWUSER) != 0)
+      if (opt_userns2_fd != -1 && setns (opt_userns2_fd, CLONE_NEWUSER) != 0)
         die_with_error ("Setting userns2 failed");
 
       /* We don't need any privileges in the launcher, drop them immediately. */
@@ -3219,7 +3219,7 @@ main (int    argc,
       return monitor_child (event_fd, pid, setup_finished_pipe[0]);
     }
 
-  if (opt_pidns_fd > 0)
+  if (opt_pidns_fd != -1)
     {
       if (setns (opt_pidns_fd, CLONE_NEWPID) != 0)
         die_with_error ("Setting pidns failed");
@@ -3446,7 +3446,7 @@ main (int    argc,
       die_with_error ("chdir /");
   }
 
-  if (opt_userns2_fd > 0 && setns (opt_userns2_fd, CLONE_NEWUSER) != 0)
+  if (opt_userns2_fd != -1 && setns (opt_userns2_fd, CLONE_NEWUSER) != 0)
     die_with_error ("Setting userns2 failed");
 
   if (opt_unshare_user && opt_userns_block_fd == -1 &&

Original file line number	Diff line number	Diff line change
`@@ -3112,7 +3112,7 @@ main (int argc,`
`3112`	`3112`	`}`
`3113`	`3113`
`3114`	`3114`	`/* Switch to the custom user ns before the clone, gets us privs in that ns (assuming its a child of the current and thus allowed) */`
`3115`		`- if (opt_userns_fd > 0 && setns (opt_userns_fd, CLONE_NEWUSER) != 0)`
	`3115`	`+ if (opt_userns_fd != -1 && setns (opt_userns_fd, CLONE_NEWUSER) != 0)`
`3116`	`3116`	`{`
`3117`	`3117`	`if (errno == EINVAL)`
`3118`	`3118`	`die ("Joining the specified user namespace failed, it might not be a descendant of the current user namespace.");`
`@@ -3178,7 +3178,7 @@ main (int argc,`
`3178`	`3178`
`3179`	`3179`	`/* Initial launched process, wait for pid 1 or exec:ed command to exit */`
`3180`	`3180`
`3181`		`- if (opt_userns2_fd > 0 && setns (opt_userns2_fd, CLONE_NEWUSER) != 0)`
	`3181`	`+ if (opt_userns2_fd != -1 && setns (opt_userns2_fd, CLONE_NEWUSER) != 0)`
`3182`	`3182`	`die_with_error ("Setting userns2 failed");`
`3183`	`3183`
`3184`	`3184`	`/* We don't need any privileges in the launcher, drop them immediately. */`
`@@ -3219,7 +3219,7 @@ main (int argc,`
`3219`	`3219`	`return monitor_child (event_fd, pid, setup_finished_pipe[0]);`
`3220`	`3220`	`}`
`3221`	`3221`
`3222`		`- if (opt_pidns_fd > 0)`
	`3222`	`+ if (opt_pidns_fd != -1)`
`3223`	`3223`	`{`
`3224`	`3224`	`if (setns (opt_pidns_fd, CLONE_NEWPID) != 0)`
`3225`	`3225`	`die_with_error ("Setting pidns failed");`
`@@ -3446,7 +3446,7 @@ main (int argc,`
`3446`	`3446`	`die_with_error ("chdir /");`
`3447`	`3447`	`}`
`3448`	`3448`
`3449`		`- if (opt_userns2_fd > 0 && setns (opt_userns2_fd, CLONE_NEWUSER) != 0)`
	`3449`	`+ if (opt_userns2_fd != -1 && setns (opt_userns2_fd, CLONE_NEWUSER) != 0)`
`3450`	`3450`	`die_with_error ("Setting userns2 failed");`
`3451`	`3451`
`3452`	`3452`	`if (opt_unshare_user && opt_userns_block_fd == -1 &&`