Do not switch to root for lxc-execute

Signed-off-by: Patrick Toomey <ptoomey3@biasedcoin.com>

Do not switch to root for lxc-execute
e06155c9 · Patrick Toomey · 814d049d · e06155c9
Commit e06155c9 authored Jul 09, 2015 by Patrick Toomey
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

start.c src/lxc/start.c +3 -2

No files found.
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -664,9 +664,10 @@ static int do_start(void *data)
 	/*
 	 * if we are in a new user namespace, become root there to have
-	 * privilege over our namespace
+	 * privilege over our namespace. We don't become root for lxc-execute, as
+	 * the intent is to execute a command as the original user.
 	 */
-	if (!lxc_list_empty(&handler->conf->id_map)) {
+	if (!handler->conf->is_execute && !lxc_list_empty(&handler->conf->id_map)) {
 		NOTICE("switching to gid/uid 0 in new user namespace");
 		if (setgid(0)) {
 			SYSERROR("setgid");