diff options
| author | Lennart Poettering <lennart@poettering.net> | 2012-11-21 02:58:55 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2012-11-22 00:45:22 +0100 |
| commit | 3c957acf86b9ec482a527528987b2462a32e0d07 (patch) | |
| tree | f693775d76371d10ce9407e909b9b476d5420bc2 /src | |
| parent | ba9904e9ce0628cce3bbd8106f6dc6914e418eda (diff) | |
nspawn: reset supplementary and main group id before entering nspawn
Diffstat (limited to 'src')
| -rw-r--r-- | src/nspawn/nspawn.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index 244ebb8342..59171abff3 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -1327,6 +1327,23 @@ int main(int argc, char *argv[]) { log_error("setreuid() failed: %m"); goto child_fail; } + } else { + /* Reset everything fully to 0, just in case */ + + if (setgroups(0, NULL) < 0) { + log_error("setgroups() failed: %m"); + goto child_fail; + } + + if (setresgid(0, 0, 0) < 0) { + log_error("setregid() failed: %m"); + goto child_fail; + } + + if (setresuid(0, 0, 0) < 0) { + log_error("setreuid() failed: %m"); + goto child_fail; + } } if ((asprintf((char**)(envp + 3), "HOME=%s", home ? home: "/root") < 0) || |