aboutgitcodebugslistschat
path: root/contrib
diff options
context:
space:
mode:
authorStefano Brivio <sbrivio@redhat.com>2022-08-29 11:23:29 +0200
committerStefano Brivio <sbrivio@redhat.com>2022-08-30 19:15:44 +0200
commit9672ab8dd01cd9a2f7c8365f8d497b605dc83c9b (patch)
tree7041d095455200e82616d93ad1178964fcb2c5b6 /contrib
parent60ffc5b6cb85e6fc7707f6b1d918c93b77a92f2c (diff)
downloadpasst-9672ab8dd01cd9a2f7c8365f8d497b605dc83c9b.tar
passt-9672ab8dd01cd9a2f7c8365f8d497b605dc83c9b.tar.gz
passt-9672ab8dd01cd9a2f7c8365f8d497b605dc83c9b.tar.bz2
passt-9672ab8dd01cd9a2f7c8365f8d497b605dc83c9b.tar.lz
passt-9672ab8dd01cd9a2f7c8365f8d497b605dc83c9b.tar.xz
passt-9672ab8dd01cd9a2f7c8365f8d497b605dc83c9b.tar.zst
passt-9672ab8dd01cd9a2f7c8365f8d497b605dc83c9b.zip
util: Drop any supplementary group before dropping privileges
Commit a951e0b9efcb ("conf: Add --runas option, changing to given UID and GID if started as root") dropped the call to initgroups() that used to add supplementary groups corresponding to the user we'll eventually run as -- we don't need those. However, if the original user belongs to supplementary groups (usually not the case, if started as root), we don't drop those, now, and rpmlint says: passt.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/passt passt.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/passt.avx2 Add a call to setgroups() with an empty set, to drop any supplementary group we might currently have, before changing GID and UID. Reported-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'contrib')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-02 01:55:14 +0000