From 192a86cadf9200eb2b28b5cddefc42bc9a8003e7 Mon Sep 17 00:00:00 2001
From: Michal Privoznik
Date: Wed, 17 Jul 2013 11:21:09 +0200
Subject: [PATCH] lxc_container: Don't call virGetGroupList during exec

Commit 75c1256 states that virGetGroupList must not be called between fork and exec, then commit ee777e99 promptly violated that for lxc. Patch originally posted by Eric Blake .
---
 src/lxc/lxc_container.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index b51d7a2e85..ca8a39ec8f 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -351,24 +351,18 @@ int lxcContainerWaitForContinue(int control)
 */
 static int lxcContainerSetID(virDomainDefPtr def)
 {
- gid_t *groups;
- int ngroups;
-
 /* Only call virSetUIDGID when user namespace is enabled
 * for this container. And user namespace is only enabled
 * when nuidmap&ngidmap is not zero */
 VIR_DEBUG("Set UID/GID to 0/0");
 if (def->idmap.nuidmap &&
- ((ngroups = virGetGroupList(0, 0, &groups) < 0) ||
- virSetUIDGID(0, 0, groups, ngroups) < 0)) {
+ virSetUIDGID(0, 0, NULL, 0) < 0) {
 virReportSystemError(errno, "%s", _("setuid or setgid failed"));
- VIR_FREE(groups);
 return -1;
 }
- VIR_FREE(groups);
 return 0;
 }
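Review bot: The added call `virSetUIDGID(0, 0, NULL, 0)` leaves it undocumented what happens to the supplementary group list, and virSetUIDGID's implementation is not visible in this patch. If it skips the setgroups() step when ngroups is 0, the process would presumably keep whatever supplementary groups it inherited from the process that cloned it, so it is worth confirming that this is the intended result for a container with an ID map. A comment above the call would keep a later change from reintroducing the lookup, for example `/* virGetGroupList() must not be called between fork and exec (see 75c1256), so no supplementary group list is passed */`. The existing block comment only explains the nuidmap condition, not the NULL/0 arguments.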