| commit | cc4662f9642995c78bed587707eeb9ad8500035b | |
| author | Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> | |
| Sat, 9 Jul 2011 09:22:07 +0000 (9 10:22 +0100) | ||
| committer | Blue Swirl <blauwirbel@gmail.com> | |
| Tue, 12 Jul 2011 21:41:29 +0000 (12 21:41 +0000) | ||
| tree | 3ab1a05e9b21edfbae7aa0235336537bd5468925 | treesnapshot (tar.gz zip) |
| parent | 429bef6912bd3d504593b9aefdbcb39e981d387e | commitdiff |
os-posix: set groups properly for -runas
Andrew Griffiths reports that -runas does not set supplementary group
IDs. This means that gid 0 (root) is not dropped when switching to an
unprivileged user.
Add an initgroups(3) call to use the -runas user's /etc/groups
membership to update the supplementary group IDs.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Andrew Griffiths reports that -runas does not set supplementary group
IDs. This means that gid 0 (root) is not dropped when switching to an
unprivileged user.
Add an initgroups(3) call to use the -runas user's /etc/groups
membership to update the supplementary group IDs.
Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
| os-posix.c | diffblobblamehistory |