debian/patches/fixes/0005-attach-always-drop-supplementary-groups.patch

   1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
   2 From: Christian Brauner <christian.brauner@ubuntu.com>
   3 Date: Mon, 9 Apr 2018 18:01:38 +0200
   4 Subject: [PATCH] attach: always drop supplementary groups
   5
   6 Closes #1704.
   7
   8 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
   9 ---
  10  src/lxc/attach.c | 8 ++++----
  11  1 file changed, 4 insertions(+), 4 deletions(-)
  12
  13 diff --git a/src/lxc/attach.c b/src/lxc/attach.c
  14 index 9a8a836d..3b715272 100644
  15 --- a/src/lxc/attach.c
  16 +++ b/src/lxc/attach.c
  17 @@ -870,12 +870,12 @@ static int attach_child_main(struct attach_clone_payload *payload)
  18                 ret = lxc_switch_uid_gid(new_uid, new_gid);
  19                 if (ret < 0)
  20                         goto on_error;
  21 -
  22 -               ret = lxc_setgroups(0, NULL);
  23 -               if (ret < 0)
  24 -                       goto on_error;
  25         }
  26
  27 +       ret = lxc_setgroups(0, NULL);
  28 +       if (ret < 0)
  29 +               goto on_error;
  30 +
  31         if ((init_ctx->container && init_ctx->container->lxc_conf &&
  32              init_ctx->container->lxc_conf->no_new_privs) ||
  33             (options->attach_flags & LXC_ATTACH_NO_NEW_PRIVS)) {
  34 --
  35 2.11.0
  36