authorDjalal Harouni <tixxdz@opendz.org>2016-11-02 22:42:40 +0100
committerDjalal Harouni <tixxdz@opendz.org>2016-11-03 08:36:53 +0100
commitcdc5d5c55e58ff9eeb6b2258c9fc3a416ee8b53f (patch)
tree34472dabf0e17435c5acd98170efc71a32918da8
parentb2c82a7f2f7c8ae426a9208fb79c5abbd5e3181c (diff)
core: intialize user aux groups and SupplementaryGroups= when DynamicUser= is set
Make sure that when DynamicUser= is set we initialize the user's supplementary groups and that we also support SupplementaryGroups=. Fixes: https://github.com/systemd/systemd/issues/4539 Thanks Evgeny Vereshchagin (@evverx)
-rw-r--r--src/core/execute.c25
1 files changed, 12 insertions, 13 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index 3f053602b5..f13ca30395 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -773,11 +773,9 @@ static int get_fixed_group(const ExecContext *c, const char **group, gid_t *gid)
return 0;
}
-static int get_fixed_supplementary_groups(const ExecContext *c,
- const char *user,
- const char *group,
- gid_t gid,
- gid_t **supplementary_gids, int *ngids) {
+static int get_supplementary_groups(const ExecContext *c, const char *user,
+ const char *group, gid_t gid,
+ gid_t **supplementary_gids, int *ngids) {
char **i;
int r, k = 0;
int ngroups_max;
@@ -790,8 +788,8 @@ static int get_fixed_supplementary_groups(const ExecContext *c,
/*
* If user is given, then lookup GID and supplementary groups list.
* We avoid NSS lookups for gid=0. Also we have to initialize groups
- * as early as possible so we keep the list of supplementary groups
- * of the caller.
+ * here and as early as possible so we keep the list of supplementary
+ * groups of the caller.
*/
if (user && gid_is_valid(gid) && gid != 0) {
/* First step, initialize groups from /etc/groups */
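Review bot: The reworded comment above `if (user && gid_is_valid(gid) && gid != 0)` still does not say what happens to the process's group list when that guard is false, and the context line below it names `/etc/groups` where the file is `/etc/group`. For a user whose primary GID is 0 the initialization step is skipped, and whether the inherited supplementary groups are reset later is not visible in this hunk. I would add a line such as `* If no user is given or gid is 0 this step is skipped and the groups are not initialized here.` and correct the inner comment to `/* First step, initialize groups from /etc/group */`. The function body continues outside the hunk.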
@@ -2347,13 +2345,14 @@ static int exec_child(
*exit_status = EXIT_GROUP;
return r;
}
+ }
- r = get_fixed_supplementary_groups(context, username, groupname,
- gid, &supplementary_gids, &ngids);
- if (r < 0) {
- *exit_status = EXIT_GROUP;
- return r;
- }
+ /* Initialize user supplementary groups and get SupplementaryGroups= ones */
+ r = get_supplementary_groups(context, username, groupname, gid,
+ &supplementary_gids, &ngids);
+ if (r < 0) {
+ *exit_status = EXIT_GROUP;
+ return r;
}
r = send_user_lookup(unit, user_lookup_fd, uid, gid);
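Review bot: The comment added above the `get_supplementary_groups()` call does not record that the call now appears to sit outside the preceding block (closed by the added `}`), so it seems to run even when `username` is NULL or `gid` is unset; the helper's `user && gid_is_valid(gid) && gid != 0` guard is what makes that safe. I would spell it out, e.g. `/* Always runs, also for DynamicUser= and when no user is set: the helper skips group initialization without a valid user/GID. Failure is fatal (EXIT_GROUP). */`. Because the group list decides what the service can access, a regression test that starts a DynamicUser= unit with and without SupplementaryGroups= and checks the resulting groups would pin this fix; the diffstat shows only execute.c changed. exec_child's body starts and ends outside the hunk.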