External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-12 15:52:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

lxc_container: Don't call virGetGroupList during exec

Browse Source 
Commit 75c1256 states that virGetGroupList must not be called
between fork and exec, then commit ee777e99 promptly violated
that for lxc.

Patch originally posted by Eric Blake <eblake@redhat.com>.
This commit is contained in:
Michal Privoznik 2013-07-17 11:21:09 +02:00
parent cc7329317f
commit 192a86cadf
1 changed files with 1 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/lxc/lxc_container.c
View File

@ -351,24 +351,18 @@ int lxcContainerWaitForContinue(int control)
*/
static int lxcContainerSetID(virDomainDefPtr def)
{
gid_t *groups;
int ngroups;
/* Only call virSetUIDGID when user namespace is enabled
* for this container. And user namespace is only enabled
* when nuidmap&ngidmap is not zero */
VIR_DEBUG("Set UID/GID to 0/0");
if (def->idmap.nuidmap &&
((ngroups = virGetGroupList(0, 0, &groups) < 0) ||
virSetUIDGID(0, 0, groups, ngroups) < 0)) {
virSetUIDGID(0, 0, NULL, 0) < 0) {
virReportSystemError(errno, "%s",
_("setuid or setgid failed"));
VIR_FREE(groups);
return -1;
}
VIR_FREE(groups);
return 0;
}