tree-wide: use lxc_drop_groups() instead of lxc_setgroups(0, NULL)

parent 8dd6f81e
...@@ -1214,7 +1214,7 @@ __noreturn static void do_attach(struct attach_payload *ap) ...@@ -1214,7 +1214,7 @@ __noreturn static void do_attach(struct attach_payload *ap)
goto on_error; goto on_error;
} }
if (!lxc_setgroups(0, NULL) && errno != EPERM) if (!lxc_drop_groups() && errno != EPERM)
goto on_error; goto on_error;
if (options->namespaces & CLONE_NEWUSER) if (options->namespaces & CLONE_NEWUSER)
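Review bot: The `errno != EPERM` test in do_attach now depends on lxc_drop_groups() returning false with errno still holding the value from the failed group drop, and the helper's definition is not shown in this diff. If the helper logs or makes another call before returning, errno could be overwritten, so a real failure might be read as EPERM and silently tolerated. I would state the contract on the helper with a comment such as `/* Returns false on failure; errno from setgroups() is preserved for the caller. */`. The same dependency applies to cgroup_tree_remove_wrapper, chown_cgroup_wrapper, do_child, userns_exec_minimal and the first do_start hunk. do_attach's body continues outside the hunk.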
......
...@@ -965,7 +965,7 @@ static int cgroup_tree_remove_wrapper(void *data) ...@@ -965,7 +965,7 @@ static int cgroup_tree_remove_wrapper(void *data)
gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid; gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid;
int ret; int ret;
if (!lxc_setgroups(0, NULL) && errno != EPERM) if (!lxc_drop_groups() && errno != EPERM)
return log_error_errno(-1, errno, "Failed to setgroups(0, NULL)"); return log_error_errno(-1, errno, "Failed to setgroups(0, NULL)");
ret = setresgid(nsgid, nsgid, nsgid); ret = setresgid(nsgid, nsgid, nsgid);
...@@ -1574,7 +1574,7 @@ static int chown_cgroup_wrapper(void *data) ...@@ -1574,7 +1574,7 @@ static int chown_cgroup_wrapper(void *data)
uid_t nsuid = (arg->conf->root_nsuid_map != NULL) ? 0 : arg->conf->init_uid; uid_t nsuid = (arg->conf->root_nsuid_map != NULL) ? 0 : arg->conf->init_uid;
gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid; gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid;
if (!lxc_setgroups(0, NULL) && errno != EPERM) if (!lxc_drop_groups() && errno != EPERM)
return log_error_errno(-1, errno, "Failed to setgroups(0, NULL)"); return log_error_errno(-1, errno, "Failed to setgroups(0, NULL)");
ret = setresgid(nsgid, nsgid, nsgid); ret = setresgid(nsgid, nsgid, nsgid);
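Review bot: The failure message in cgroup_tree_remove_wrapper and chown_cgroup_wrapper still reads `"Failed to setgroups(0, NULL)"`, although the call above it is now lxc_drop_groups(). Someone searching the tree for that string will no longer find a matching call. I would change both to something like `return log_error_errno(-1, errno, "Failed to drop supplementary groups");`. Both functions continue outside their hunks.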
......
...@@ -88,7 +88,7 @@ static int do_child(void *vargv) ...@@ -88,7 +88,7 @@ static int do_child(void *vargv)
int ret; int ret;
char **argv = (char **)vargv; char **argv = (char **)vargv;
if (!lxc_setgroups(0, NULL) && errno != EPERM) if (!lxc_drop_groups() && errno != EPERM)
return -1; return -1;
/* Assume we want to become root */ /* Assume we want to become root */
......
...@@ -4282,7 +4282,7 @@ int userns_exec_minimal(const struct lxc_conf *conf, ...@@ -4282,7 +4282,7 @@ int userns_exec_minimal(const struct lxc_conf *conf,
close_prot_errno_disarm(sock_fds[0]); close_prot_errno_disarm(sock_fds[0]);
if (!lxc_setgroups(0, NULL) && errno != EPERM) if (!lxc_drop_groups() && errno != EPERM)
_exit(EXIT_FAILURE); _exit(EXIT_FAILURE);
ret = setresgid(resgid, resgid, resgid); ret = setresgid(resgid, resgid, resgid);
...@@ -4700,7 +4700,7 @@ int userns_exec_mapped_root(const char *path, int path_fd, ...@@ -4700,7 +4700,7 @@ int userns_exec_mapped_root(const char *path, int path_fd,
if (!lxc_switch_uid_gid(0, 0)) if (!lxc_switch_uid_gid(0, 0))
_exit(EXIT_FAILURE); _exit(EXIT_FAILURE);
if (!lxc_setgroups(0, NULL)) if (!lxc_drop_groups())
_exit(EXIT_FAILURE); _exit(EXIT_FAILURE);
ret = fchown(target_fd, 0, st.st_gid); ret = fchown(target_fd, 0, st.st_gid);
......
...@@ -3660,7 +3660,7 @@ static int clone_update_rootfs(struct clone_update_data *data) ...@@ -3660,7 +3660,7 @@ static int clone_update_rootfs(struct clone_update_data *data)
/* update hostname in rootfs */ /* update hostname in rootfs */
/* we're going to mount, so run in a clean namespace to simplify cleanup */ /* we're going to mount, so run in a clean namespace to simplify cleanup */
(void)lxc_setgroups(0, NULL); (void)lxc_drop_groups();
if (setgid(0) < 0) { if (setgid(0) < 0) {
ERROR("Failed to setgid to 0"); ERROR("Failed to setgid to 0");
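Review bot: The `(void)lxc_drop_groups();` in clone_update_rootfs discards the result, so a failure for any reason leaves the caller's supplementary groups in place while the function goes on to setgid(0) and, per the comment above it, to mounting. Other call sites in this commit tolerate only EPERM, and the matching guard here would be `if (!lxc_drop_groups() && errno != EPERM) return -1;`, assuming -1 is this function's error return. If best-effort is intended, say so in a comment, for example `/* best effort: may fail where setgroups is denied */`. btrfs_snapshot_wrapper and storage_destroy_wrapper have the same unchecked call. The function body continues outside the hunk.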
......
...@@ -1111,7 +1111,7 @@ static int do_start(void *data) ...@@ -1111,7 +1111,7 @@ static int do_start(void *data)
/* Drop groups only after we switched to a valid gid in the new /* Drop groups only after we switched to a valid gid in the new
* user namespace. * user namespace.
*/ */
if (!lxc_setgroups(0, NULL) && if (!lxc_drop_groups() &&
(handler->am_root || errno != EPERM)) (handler->am_root || errno != EPERM))
goto out_warn_father; goto out_warn_father;
...@@ -1410,7 +1410,7 @@ static int do_start(void *data) ...@@ -1410,7 +1410,7 @@ static int do_start(void *data)
#if HAVE_LIBCAP #if HAVE_LIBCAP
if (lxc_proc_cap_is_set(CAP_SETGID, CAP_EFFECTIVE)) if (lxc_proc_cap_is_set(CAP_SETGID, CAP_EFFECTIVE))
#endif #endif
if (!lxc_setgroups(0, NULL)) if (!lxc_drop_groups())
goto out_warn_father; goto out_warn_father;
if (!lxc_switch_uid_gid(new_uid, new_gid)) if (!lxc_switch_uid_gid(new_uid, new_gid))
......
...@@ -374,7 +374,7 @@ int btrfs_snapshot_wrapper(void *data) ...@@ -374,7 +374,7 @@ int btrfs_snapshot_wrapper(void *data)
const char *src; const char *src;
struct rsync_data_char *arg = data; struct rsync_data_char *arg = data;
(void)lxc_setgroups(0, NULL); (void)lxc_drop_groups();
if (setgid(0) < 0) { if (setgid(0) < 0) {
ERROR("Failed to setgid to 0"); ERROR("Failed to setgid to 0");
......
...@@ -35,7 +35,7 @@ int lxc_rsync_exec_wrapper(void *data) ...@@ -35,7 +35,7 @@ int lxc_rsync_exec_wrapper(void *data)
if (!lxc_switch_uid_gid(0, 0)) if (!lxc_switch_uid_gid(0, 0))
return -1; return -1;
if (!lxc_setgroups(0, NULL)) if (!lxc_drop_groups())
return -1; return -1;
return lxc_rsync_exec(args->src, args->dest); return lxc_rsync_exec(args->src, args->dest);
...@@ -96,7 +96,7 @@ int lxc_rsync(struct rsync_data *data) ...@@ -96,7 +96,7 @@ int lxc_rsync(struct rsync_data *data)
if (!lxc_switch_uid_gid(0, 0)) if (!lxc_switch_uid_gid(0, 0))
return -1; return -1;
if (!lxc_setgroups(0, NULL)) if (!lxc_drop_groups())
return -1; return -1;
src = lxc_storage_get_path(orig->dest, orig->type); src = lxc_storage_get_path(orig->dest, orig->type);
......
...@@ -461,7 +461,7 @@ int storage_destroy_wrapper(void *data) ...@@ -461,7 +461,7 @@ int storage_destroy_wrapper(void *data)
{ {
struct lxc_conf *conf = data; struct lxc_conf *conf = data;
(void)lxc_setgroups(0, NULL); (void)lxc_drop_groups();
if (setgid(0) < 0) { if (setgid(0) < 0) {
SYSERROR("Failed to setgid to 0"); SYSERROR("Failed to setgid to 0");
......