mir/lxc
2
0
Fork 0
mirror of git://github.com/lxc/lxc synced 2025-08-22 14:01:33 +00:00
Code Issues Releases Wiki Activity

conf: improve userns_exec_mapped_root()

Browse Source 
As we do in all other places, first drop groups, then use
setres{g,u}id().

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This commit is contained in:
Christian Brauner 2022-01-18 16:14:13 +01:00
parent 73ff048d66
commit e0f6f149d5
No known key found for this signature in database
GPG Key ID: 91C61BC06578DCA2
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/lxc/conf.c
View File

@ -5505,11 +5505,20 @@ int userns_exec_mapped_root(const char *path, int path_fd,
close_prot_errno_disarm(sock_fds[0]);
if (!lxc_switch_uid_gid(0, 0))
if (!lxc_drop_groups() && errno != EPERM)
_exit(EXIT_FAILURE);
if (!lxc_drop_groups())
ret = setresgid(0, 0, 0);
if (ret < 0) {
SYSERROR("Failed to setresgid(0, 0, 0)");
_exit(EXIT_FAILURE);
}
ret = setresuid(0, 0, 0);
if (ret < 0) {
SYSERROR("Failed to setresuid(0, 0, 0)");
_exit(EXIT_FAILURE);
}
ret = fchown(target_fd, 0, st.st_gid);
if (ret) {