core: do not assert when sysconf(_SC_NGROUPS_MAX) fails (#4466)

Remove the assert and check the return code of sysconf(_SC_NGROUPS_MAX).

_SC_NGROUPS_MAX maps to NGROUPS_MAX which is defined in <limits.h> to
65536 these days. The value is a read-only sysctl,
/proc/sys/kernel/ngroups_max, and the kernel assumes that it is always
positive, otherwise things may break. Follow this and support only
positive values; for all other cases return either -errno or -EOPNOTSUPP.

Now if there are systems that want to re-write NGROUPS_MAX then they
should not pass SupplementaryGroups= in units even if it is empty; in
this case nothing fails and we just ignore supplementary groups. However,
if SupplementaryGroups= is passed, even if it is empty, we have to assume
that there will be groups manipulation from our side or the kernel, and
since the kernel always assumes that NGROUPS_MAX is positive, then
follow that and support only positive values.
Djalal Harouni 2016-10-24 13:13:06 +02:00 committed by Lennart Poettering
parent 60f17f75d1
commit 366ddd252e
1 changed files with 13 additions and 2 deletions

@ -788,6 +788,19 @@ static int get_fixed_supplementary_groups(const ExecContext *c,
if (!c->supplementary_groups)
return 0;
/*
* If SupplementaryGroups= was passed then NGROUPS_MAX has to
* be positive, otherwise fail.
*/
errno = 0;
ngroups_max = (int) sysconf(_SC_NGROUPS_MAX);
if (ngroups_max <= 0) {
if (errno > 0)
return -errno;
else
return -EOPNOTSUPP; /* For all other values */
}
/*
* If user is given, then lookup GID and supplementary group list.
* We avoid NSS lookups for gid=0.
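Review bot: In the new check, `ngroups_max = (int) sysconf(_SC_NGROUPS_MAX);` narrows the long returned by sysconf() before the `ngroups_max <= 0` test, so the test is applied to the truncated value rather than to what sysconf() returned. Keeping the result in a long, testing that for `<= 0`, and only then assigning it to ngroups_max would make the check cover the real return value. The comment `/* For all other values */` could also be more specific: that branch is reached when sysconf() returned a non-positive value and left errno at 0.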
@ -800,8 +813,6 @@ static int get_fixed_supplementary_groups(const ExecContext *c,
keep_groups = true;
}
assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);
l_gids = new(gid_t, ngroups_max);
if (!l_gids)
return -ENOMEM;
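Review bot: With the `assert_se(...)` line dropped, `l_gids = new(gid_t, ngroups_max);` no longer shows where ngroups_max gets its value or why it is known to be positive; that guarantee now lives in the check near the top of get_fixed_supplementary_groups(), after the `if (!c->supplementary_groups) return 0;` early return. A one-line comment at the allocation pointing back to that check would keep the invariant visible here and make it harder for a later change to add a path that reaches `new()` with ngroups_max unset.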