Merge pull request #4280 from giuseppe/unprivileged-user

[RFC] run systemd in an unprivileged container
author: Lennart Poettering <lennart@poettering.net> 2016-10-06 15:44:27 +0200
committer: GitHub <noreply@github.com> 2016-10-06 15:44:27 +0200
commit: e057995bb1314a94ce460d8e5a2a20e73c0e2ad4 (patch)
tree: 6ca280b3a1526e61c9fed7b87854e2ba0ddb80c8 /src/basic/capability-util.c
parent: 94f42fe3a68129fc5d30fc0ee2094c3052ea782b (diff)
parent: 36d854780c01d589e5da1fc6e94f46aa41f7016f (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c
index d4c5bd6937..f8db6e0212 100644
--- a/src/basic/capability-util.c
+++ b/src/basic/capability-util.c
@@ -31,6 +31,7 @@
 #include "log.h"
 #include "macro.h"
 #include "parse-util.h"
+#include "user-util.h"
 #include "util.h"
 
 int have_effective_cap(int value) {
@@ -295,7 +296,7 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
         if (setresgid(gid, gid, gid) < 0)
                 return log_error_errno(errno, "Failed to change group ID: %m");
 
-        if (setgroups(0, NULL) < 0)
+        if (maybe_setgroups(0, NULL) < 0)
                 return log_error_errno(errno, "Failed to drop auxiliary groups list: %m");
 
         /* Ensure we keep the permitted caps across the setresuid() */
author	Lennart Poettering <lennart@poettering.net>	2016-10-06 15:44:27 +0200
committer	GitHub <noreply@github.com>	2016-10-06 15:44:27 +0200
commit	e057995bb1314a94ce460d8e5a2a20e73c0e2ad4 (patch)
tree	6ca280b3a1526e61c9fed7b87854e2ba0ddb80c8 /src/basic/capability-util.c
parent	94f42fe3a68129fc5d30fc0ee2094c3052ea782b (diff)
parent	36d854780c01d589e5da1fc6e94f46aa41f7016f (diff)