projects / lxc.git / blame
| Commit | Line | Data |
|---|---|---|
| 99be5c8c WB |
1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
| 2 | From: Christian Brauner <christian.brauner@ubuntu.com> | |
| 3 | Date: Mon, 9 Apr 2018 18:01:38 +0200 | |
| 4 | Subject: [PATCH] attach: always drop supplementary groups | |
| 5 | ||
| 6 | Closes #1704. | |
| 7 | ||
| 8 | Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> | |
| 9 | --- | |
| 10 | src/lxc/attach.c | 8 ++++---- | |
| 11 | 1 file changed, 4 insertions(+), 4 deletions(-) | |
| 12 | ||
| 13 | diff --git a/src/lxc/attach.c b/src/lxc/attach.c | |
| 14 | index 9a8a836d..3b715272 100644 | |
| 15 | --- a/src/lxc/attach.c | |
| 16 | +++ b/src/lxc/attach.c | |
| 17 | @@ -870,12 +870,12 @@ static int attach_child_main(struct attach_clone_payload *payload) | |
| 18 | ret = lxc_switch_uid_gid(new_uid, new_gid); | |
| 19 | if (ret < 0) | |
| 20 | goto on_error; | |
| 21 | - | |
| 22 | - ret = lxc_setgroups(0, NULL); | |
| 23 | - if (ret < 0) | |
| 24 | - goto on_error; | |
| 25 | } | |
| 26 | ||
| 27 | + ret = lxc_setgroups(0, NULL); | |
| 28 | + if (ret < 0) | |
| 29 | + goto on_error; | |
| 30 | + | |
| 31 | if ((init_ctx->container && init_ctx->container->lxc_conf && | |
| 32 | init_ctx->container->lxc_conf->no_new_privs) || | |
| 33 | (options->attach_flags & LXC_ATTACH_NO_NEW_PRIVS)) { | |
| 34 | -- | |
| 35 | 2.11.0 | |
| 36 |