lxc-usernsexec: don't fail on setgroups()

We can fail to setgroups() when "deny" has been set which we need to set when we are a fully unprivileged user. Closes: 3420. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc-usernsexec: don't fail on setgroups()
b8025217 · Christian Brauner · Stéphane Graber · 323a1569 · b8025217
Unverified Commit b8025217 authored May 20, 2020 by Christian Brauner Committed by Stéphane Graber May 24, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

lxc_usernsexec.c src/lxc/cmd/lxc_usernsexec.c +3 -3

No files found.
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
@@ -87,11 +87,11 @@ static int do_child(void *vargv)
 	int ret;
 	char **argv = (char **)vargv;

-	/* Assume we want to become root */
-	if (!lxc_switch_uid_gid(0, 0))
+	if (!lxc_setgroups(0, NULL))
 		return -1;

-	if (!lxc_setgroups(0, NULL))
+	/* Assume we want to become root */
+	if (!lxc_switch_uid_gid(0, 0))
 		return -1;

 	ret = unshare(CLONE_NEWNS);