-
start: fix execute and improve setgroups() calls · d08f8d2fChristian Brauner authored
lxc_execute() and lxc-execute where broken when a user tried to switch to a non-root uid/gid. This prevented necessary setup operations like mounting the rootfs which require root in the user namespace. This commit separates switching to root in the user namespace from switching to the requested uid/gid by lxc_execute(). This should be safe: Once we switched to root in the user namespace via setuid() and then switch to a non-root uid/gid in the user namespace for lxc_execute() via setuid() we cannot regain root privileges again. So we can only make us safer (Unless I forget about some very intricate user namespace nonsense; which is not as unlikely as I try to make it sound.). Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| include | Loading commit data... | |
| lua-lxc | Loading commit data... | |
| lxc | Loading commit data... | |
| python-lxc | Loading commit data... | |
| tests | Loading commit data... | |
| Makefile.am | Loading commit data... |