Skip to content

Commit

Permalink
attach: always drop supplementary groups
Browse files Browse the repository at this point in the history 
Closes lxc#1704.

Signed-off-by: Christian Brauner <[email protected]>
  • Loading branch information
Christian Brauner committed Apr 9, 2018
1 parent 5eda487 commit 2492733
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions src/lxc/attach.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -870,12 +870,12 @@ static int attach_child_main(struct attach_clone_payload *payload)
ret = lxc_switch_uid_gid(new_uid, new_gid);
if (ret < 0)
goto on_error;

ret = lxc_setgroups(0, NULL);
if (ret < 0)
goto on_error;
}

ret = lxc_setgroups(0, NULL);
if (ret < 0)
goto on_error;

if ((init_ctx->container && init_ctx->container->lxc_conf &&
init_ctx->container->lxc_conf->no_new_privs) ||
(options->attach_flags & LXC_ATTACH_NO_NEW_PRIVS)) {
Expand Down

0 comments on commit 2492733

Please sign in to comment.