start.c: always switch uid and gid

Signed-off-by: Yifeng Tan <tanyifeng1@huawei.com> Reviewed-by: Christian Brauner <christian.brauner@ubuntu.com>

start.c: always switch uid and gid
928b1f04 · Yifeng Tan · Christian Brauner · f55cf89e · 928b1f04
Unverified Commit 928b1f04 authored Nov 24, 2017 by Yifeng Tan Committed by Christian Brauner Nov 25, 2017
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

start.c src/lxc/start.c +5 -5

No files found.
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -776,6 +776,9 @@ static int do_start(void *data)
 	char path[PATH_MAX];
 	int devnull_fd = -1;
 	struct lxc_handler *handler = data;
+	bool have_cap_setgid;
+	uid_t new_uid;
+	gid_t new_gid;
 	if (sigprocmask(SIG_SETMASK, &handler->oldmask, NULL)) {
 		SYSERROR("Failed to set signal mask.");
@@ -1009,10 +1012,8 @@ static int do_start(void *data)
 	/* The container has been setup. We can now switch to an unprivileged
 	 * uid/gid.
 	 */
-	if (handler->conf->is_execute) {
+	new_uid = handler->conf->init_uid;
-		bool have_cap_setgid;
+	new_gid = handler->conf->init_gid;
-		uid_t new_uid = handler->conf->init_uid;
-		gid_t new_gid = handler->conf->init_gid;
 	/* If we are in a new user namespace we already dropped all
 	 * groups when we switched to root in the new user namespace
@@ -1031,7 +1032,6 @@ static int do_start(void *data)
 	if (lxc_switch_uid_gid(new_uid, new_gid) < 0)
 		goto out_warn_father;
-	}
 	/* After this call, we are in error because this ops should not return
 	 * as it execs.