picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

nspawn: reset supplementary and main group id before entering nspawn

This commit is contained in:
Lennart Poettering 2012-11-21 02:58:55 +01:00
parent ba9904e9ce
commit 3c957acf86
2 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
TODO
View File

@ -180,8 +180,6 @@ Features:
* nspawn: implement personality changes a la linux32(8)
* nspawn: reset all aux groups
* cryptsetup-generator: warn if the password files are world-readable
* cryptsetup-generator: add RequiresMountsFor= to cryptseup service files referencing a file, similar for devices

17
src/nspawn/nspawn.c
View File

@ -1327,6 +1327,23 @@ int main(int argc, char *argv[]) {
log_error("setreuid() failed: %m");
goto child_fail;
}
} else {
/* Reset everything fully to 0, just in case */
if (setgroups(0, NULL) < 0) {
log_error("setgroups() failed: %m");
goto child_fail;
}
if (setresgid(0, 0, 0) < 0) {
log_error("setregid() failed: %m");
goto child_fail;
}
if (setresuid(0, 0, 0) < 0) {
log_error("setreuid() failed: %m");
goto child_fail;
}
}
if ((asprintf((char**)(envp + 3), "HOME=%s", home ? home: "/root") < 0) ||