utils: make id switching functions return bool

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: make id switching functions return bool
fad08f38 · Christian Brauner · be905724 · fad08f38 · fad08f38 · fad08f38
Unverified Commit fad08f38 authored Apr 09, 2019 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 31 additions and 26 deletions

start.c src/lxc/start.c +5 -8

utils.c src/lxc/utils.c +24 -16

utils.h src/lxc/utils.h +2 -2

No files found.
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1146,15 +1146,13 @@ static int do_start(void *data)
 				  ? 0
 				  : handler->conf->init_gid;
-		ret = lxc_switch_uid_gid(nsuid, nsgid);
+		if (!lxc_switch_uid_gid(nsuid, nsgid))
-		if (ret < 0)
 			goto out_warn_father;
 		/* Drop groups only after we switched to a valid gid in the new
 		 * user namespace.
 		 */
-		ret = lxc_setgroups(0, NULL);
+		if (!lxc_setgroups(0, NULL) && (handler->am_root || errno != EPERM))
-		if (ret < 0 && (handler->am_root || errno != EPERM))
 			goto out_warn_father;
 		ret = prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
@@ -1349,12 +1347,11 @@ static int do_start(void *data)
 	#else
 	have_cap_setgid = false;
 	#endif
-	if (lxc_list_empty(&handler->conf->id_map) && have_cap_setgid) {
+	if (lxc_list_empty(&handler->conf->id_map) && have_cap_setgid)
-		if (lxc_setgroups(0, NULL) < 0)
+		if (!lxc_setgroups(0, NULL))
 			goto out_warn_father;
-	}
-	if (lxc_switch_uid_gid(new_uid, new_gid) < 0)
+	if (!lxc_switch_uid_gid(new_uid, new_gid))
 		goto out_warn_father;
 	ret = lxc_ambient_caps_down();

--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -2059,33 +2059,41 @@ int lxc_safe_long_long(const char *numstr, long long int *converted)
 	return 0;
 }
-int lxc_switch_uid_gid(uid_t uid, gid_t gid)
+bool lxc_switch_uid_gid(uid_t uid, gid_t gid)
 {
-	if (setgid(gid) < 0) {
+	int ret = 0;
-		SYSERROR("Failed to switch to gid %d.", gid);
-		return -errno;
+	if (gid != LXC_INVALID_GID) {
+		ret = setgid(gid);
+		if (ret < 0) {
+			SYSERROR("Failed to switch to gid %d", gid);
+			return false;
+		}
+		NOTICE("Switched to gid %d", gid);
 	}
-	NOTICE("Switched to gid %d.", gid);
-	if (setuid(uid) < 0) {
+	if (uid != LXC_INVALID_UID) {
-		SYSERROR("Failed to switch to uid %d.", uid);
+		ret = setuid(uid);
-		return -errno;
+		if (ret < 0) {
+			SYSERROR("Failed to switch to uid %d", uid);
+			return false;
+		}
+		NOTICE("Switched to uid %d", uid);
 	}
-	NOTICE("Switched to uid %d.", uid);
-	return 0;
+	return true;
 }
-/* Simple covenience function which enables uniform logging. */
+/* Simple convenience function which enables uniform logging. */
-int lxc_setgroups(int size, gid_t list[])
+bool lxc_setgroups(int size, gid_t list[])
 {
 	if (setgroups(size, list) < 0) {
-		SYSERROR("Failed to setgroups().");
+		SYSERROR("Failed to setgroups()");
-		return -errno;
+		return false;
 	}
-	NOTICE("Dropped additional groups.");
+	NOTICE("Dropped additional groups");
-	return 0;
+	return true;
 }
 static int lxc_get_unused_loop_dev_legacy(char *loop_name)

--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -455,8 +455,8 @@ extern int lxc_safe_uint64(const char *numstr, uint64_t *converted, int base);
 extern int parse_byte_size_string(const char *s, int64_t *converted);
 /* Switch to a new uid and gid. */
-int lxc_switch_uid_gid(uid_t uid, gid_t gid);
+bool lxc_switch_uid_gid(uid_t uid, gid_t gid);
-int lxc_setgroups(int size, gid_t list[]);
+bool lxc_setgroups(int size, gid_t list[]);
 /* Find an unused loop device and associate it with source. */
 int lxc_prepare_loop_dev(const char *source, char *loop_dev, int flags);