utils: add lxc_drop_groups()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: add lxc_drop_groups()
35c45e17 · Christian Brauner · fde1420c · 35c45e17 · 35c45e17
Unverified Commit 35c45e17 authored Feb 05, 2021 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 0 deletions

utils.c src/lxc/utils.c +12 -0

utils.h src/lxc/utils.h +1 -0

No files found.
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1444,6 +1444,18 @@ bool lxc_switch_uid_gid(uid_t uid, gid_t gid)
 }

 /* Simple convenience function which enables uniform logging. */
+bool lxc_drop_groups(void)
+{
+	int ret;
+
+	ret = setgroups(0, NULL);
+	if (ret)
+		return log_error_errno(false, errno, "Failed to drop supplimentary groups");
+
+	NOTICE("Dropped supplimentary groups");
+	return ret == 0;
+}
+
 bool lxc_setgroups(int size, gid_t list[])
 {
 	if (setgroups(size, list) < 0) {

--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -157,6 +157,7 @@ __hidden extern bool task_blocks_signal(pid_t pid, int signal);
 */
 __hidden extern bool lxc_switch_uid_gid(uid_t uid, gid_t gid);
 __hidden extern bool lxc_setgroups(int size, gid_t list[]);
+__hidden extern bool lxc_drop_groups(void);

 /* Find an unused loop device and associate it with source. */
 __hidden extern int lxc_prepare_loop_dev(const char *source, char *loop_dev, int flags);