tree-wide: use lxc_drop_groups() instead of lxc_setgroups(0, NULL)

src/lxc/attach.c

@@ -1214,7 +1214,7 @@ __noreturn static void do_attach(struct attach_payload *ap)
 			goto on_error;
 	}
 
-	if (!lxc_setgroups(0, NULL) && errno != EPERM)
+	if (!lxc_drop_groups() && errno != EPERM)
 		goto on_error;
 
 	if (options->namespaces & CLONE_NEWUSER)

src/lxc/cgroups/cgfsng.c

@@ -965,7 +965,7 @@ static int cgroup_tree_remove_wrapper(void *data)
 	gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid;
 	int ret;
 
-	if (!lxc_setgroups(0, NULL) && errno != EPERM)
+	if (!lxc_drop_groups() && errno != EPERM)
 		return log_error_errno(-1, errno, "Failed to setgroups(0, NULL)");
 
 	ret = setresgid(nsgid, nsgid, nsgid);
@@ -1574,7 +1574,7 @@ static int chown_cgroup_wrapper(void *data)
 	uid_t nsuid = (arg->conf->root_nsuid_map != NULL) ? 0 : arg->conf->init_uid;
 	gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid;
 
-	if (!lxc_setgroups(0, NULL) && errno != EPERM)
+	if (!lxc_drop_groups() && errno != EPERM)
 		return log_error_errno(-1, errno, "Failed to setgroups(0, NULL)");
 
 	ret = setresgid(nsgid, nsgid, nsgid);

src/lxc/cmd/lxc_usernsexec.c

@@ -88,7 +88,7 @@ static int do_child(void *vargv)
 	int ret;
 	char **argv = (char **)vargv;
 
-	if (!lxc_setgroups(0, NULL) && errno != EPERM)
+	if (!lxc_drop_groups() && errno != EPERM)
 		return -1;
 
 	/* Assume we want to become root */

src/lxc/conf.c

@@ -4282,7 +4282,7 @@ int userns_exec_minimal(const struct lxc_conf *conf,
 
 		close_prot_errno_disarm(sock_fds[0]);
 
-		if (!lxc_setgroups(0, NULL) && errno != EPERM)
+		if (!lxc_drop_groups() && errno != EPERM)
 			_exit(EXIT_FAILURE);
 
 		ret = setresgid(resgid, resgid, resgid);
@@ -4700,7 +4700,7 @@ int userns_exec_mapped_root(const char *path, int path_fd,
 		if (!lxc_switch_uid_gid(0, 0))
 			_exit(EXIT_FAILURE);
 
-		if (!lxc_setgroups(0, NULL))
+		if (!lxc_drop_groups())
 			_exit(EXIT_FAILURE);
 
 		ret = fchown(target_fd, 0, st.st_gid);

src/lxc/lxccontainer.c

@@ -3660,7 +3660,7 @@ static int clone_update_rootfs(struct clone_update_data *data)
 	/* update hostname in rootfs */
 	/* we're going to mount, so run in a clean namespace to simplify cleanup */
 
-	(void)lxc_setgroups(0, NULL);
+	(void)lxc_drop_groups();
 
 	if (setgid(0) < 0) {
 		ERROR("Failed to setgid to 0");

src/lxc/start.c

@@ -1111,7 +1111,7 @@ static int do_start(void *data)
 		/* Drop groups only after we switched to a valid gid in the new
 		 * user namespace.
 		 */
-		if (!lxc_setgroups(0, NULL) &&
+		if (!lxc_drop_groups() &&
 		    (handler->am_root || errno != EPERM))
 			goto out_warn_father;
 
@@ -1410,7 +1410,7 @@ static int do_start(void *data)
 		#if HAVE_LIBCAP
 		if (lxc_proc_cap_is_set(CAP_SETGID, CAP_EFFECTIVE))
 		#endif
-			if (!lxc_setgroups(0, NULL))
+			if (!lxc_drop_groups())
 				goto out_warn_father;
 
 	if (!lxc_switch_uid_gid(new_uid, new_gid))

src/lxc/storage/btrfs.c

@@ -374,7 +374,7 @@ int btrfs_snapshot_wrapper(void *data)
 	const char *src;
 	struct rsync_data_char *arg = data;
 
-	(void)lxc_setgroups(0, NULL);
+	(void)lxc_drop_groups();
 
 	if (setgid(0) < 0) {
 		ERROR("Failed to setgid to 0");

src/lxc/storage/rsync.c

@@ -35,7 +35,7 @@ int lxc_rsync_exec_wrapper(void *data)
 	if (!lxc_switch_uid_gid(0, 0))
 		return -1;
 
-	if (!lxc_setgroups(0, NULL))
+	if (!lxc_drop_groups())
 		return -1;
 
 	return lxc_rsync_exec(args->src, args->dest);
@@ -96,7 +96,7 @@ int lxc_rsync(struct rsync_data *data)
 	if (!lxc_switch_uid_gid(0, 0))
 		return -1;
 
-	if (!lxc_setgroups(0, NULL))
+	if (!lxc_drop_groups())
 		return -1;
 
 	src = lxc_storage_get_path(orig->dest, orig->type);

src/lxc/storage/storage_utils.c

@@ -461,7 +461,7 @@ int storage_destroy_wrapper(void *data)
 {
 	struct lxc_conf *conf = data;
 
-	(void)lxc_setgroups(0, NULL);
+	(void)lxc_drop_groups();
 
 	if (setgid(0) < 0) {
 		SYSERROR("Failed to setgid to 0");