[lxc-devel] [lxc/master] attach: always drop supplementary groups
brauner on Github
lxc-bot at linuxcontainers.org
Mon Apr 9 16:03:57 UTC 2018
From 24927339bd52856eba0cc5033893e036988ce369 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 9 Apr 2018 18:01:38 +0200
Subject: [PATCH] attach: always drop supplementary groups
Closes #1704.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/attach.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 9a8a836d5..3b7152721 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -870,12 +870,12 @@ static int attach_child_main(struct attach_clone_payload *payload)
ret = lxc_switch_uid_gid(new_uid, new_gid);
if (ret < 0)
goto on_error;
-
- ret = lxc_setgroups(0, NULL);
- if (ret < 0)
- goto on_error;
}
+ ret = lxc_setgroups(0, NULL);
+ if (ret < 0)
+ goto on_error;
+
if ((init_ctx->container && init_ctx->container->lxc_conf &&
init_ctx->container->lxc_conf->no_new_privs) ||
(options->attach_flags & LXC_ATTACH_NO_NEW_PRIVS)) {
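Review bot: The relocated `ret = lxc_setgroups(0, NULL);` below the closing brace keeps the hard `goto on_error` on failure, so every attach now aborts if the group list cannot be cleared, not only the attaches that went through the `lxc_switch_uid_gid(new_uid, new_gid)` branch. Please confirm that every caller reaching this point is actually permitted to change its supplementary groups. If some are not, decide explicitly whether a permission error there should be fatal or tolerated. In the branch that does switch ids, the group list is still cleared after `lxc_switch_uid_gid()` rather than before it, which is worth a second look now that the call stands on its own. A short comment above the call saying why the groups are dropped unconditionally would also help, since the commit message only says "Closes #1704".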