From 0628118c31c6890426f7faf6fd8d2d4aca1de5ca Mon Sep 17 00:00:00 2001
From: Ruslan Kuprieiev <kupruser@gmail.com>
Date: Wed, 6 Aug 2014 18:49:00 +0400
Subject: [PATCH] security: skip obtaining additional groups for root, as they
 don't matter

As it was reported, some systems don't use /etc/passwd.
On such systems getpwuid fails with undefined errno(see getpwuid(3))
not allowing criu to restrict ids with user additional groups.
Luckily, on such systems criu is run as root, so we can
just skip obtaining additional groups, as they don't matter
for root.

Reported-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Tested-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
---
 security.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/security.c b/security.c
index 9cb70ab0e..a801005b9 100644
--- a/security.c
+++ b/security.c
@@ -36,6 +36,10 @@ int restrict_uid(unsigned int uid, unsigned int gid)
 	cr_uid = uid;
 	cr_gid = gid;
 
+	/* skip obtaining additional groups for root, as they don't matter */
+	if (cr_uid == 0 && cr_gid == 0)
+		return 0;
+
 	pwd = getpwuid(uid);
 	if (!pwd) {
 		pr_perror("Can't get password file entry");