Unverified Commit 3d435963 by Stéphane Graber Committed by GitHub

Merge pull request #2266 from brauner/2018-04-09/attach_drop_suppl_groups

attach: always drop supplementary groups
parents e456a1ef 9e320621
...@@ -870,11 +870,11 @@ static int attach_child_main(struct attach_clone_payload *payload) ...@@ -870,11 +870,11 @@ static int attach_child_main(struct attach_clone_payload *payload)
ret = lxc_switch_uid_gid(new_uid, new_gid); ret = lxc_switch_uid_gid(new_uid, new_gid);
if (ret < 0) if (ret < 0)
goto on_error; goto on_error;
}
ret = lxc_setgroups(0, NULL); ret = lxc_setgroups(0, NULL);
if (ret < 0) if (ret < 0)
goto on_error; goto on_error;
}
if ((init_ctx->container && init_ctx->container->lxc_conf && if ((init_ctx->container && init_ctx->container->lxc_conf &&
init_ctx->container->lxc_conf->no_new_privs) || init_ctx->container->lxc_conf->no_new_privs) ||
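Review bot: `lxc_setgroups(0, NULL)` now runs even when no uid/gid switch took place, so an attach that previously succeeded without CAP_SETGID in the target user namespace (or where setgroups is denied for that namespace) will now stop at the `goto on_error` that follows it; if that tightening is intended, a comment should say so, e.g. `/* Always drop supplementary groups inherited from the attaching process, even when no uid/gid switch was requested, so host group membership does not leak into the container. */`. Whether lxc_setgroups tolerates EPERM or logs on failure is not visible here; if it does neither, logging before `goto on_error` would make the new failure mode attributable. attach_child_main starts and ends outside the hunk.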
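--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
 #endif
 #endif
+#if !defined(__NR_setns) && !defined(__NR_set_ns)
+#if defined(__x86_64__)
+#define __NR_setns 308
+#elif defined(__i386__)
+#define __NR_setns 346
+#elif defined(__arm__)
+#define __NR_setns 375
+#elif defined(__aarch64__)
+#define __NR_setns 375
+#elif defined(__powerpc__)
+#define __NR_setns 350
+#elif defined(__s390__)
+#define __NR_setns 339
+#endif
+#endif
 /* Define setns() if missing from the C library */
 #ifndef HAVE_SETNS
 static inline int setns(int fd, int nstype)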
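Review bot: The `__aarch64__` branch reuses the 32-bit arm number, `#define __NR_setns 375`, but arm64 uses the asm-generic syscall table where setns is 268, so if this fallback is ever reached on arm64 the setns() wrapper below would issue the wrong syscall number; the line should read `#define __NR_setns 268`. In practice arm64 toolchains ship `__NR_setns`, so the branch is probably dead, but a wrong constant in a namespace-entry path is worth fixing rather than leaving. The block also leaves `__NR_setns` undefined on every other architecture, which turns the `setns()` definition under `#ifndef HAVE_SETNS` into a compile error instead of a clear diagnostic; an `#else` with `#error` naming the missing constant would surface that at build time. The setns() body itself lies outside the hunk.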