core: do not assert when sysconf(_SC_NGROUPS_MAX) fails (#4466)
Remove the assert and check the return code of sysconf(_SC_NGROUPS_MAX). _SC_NGROUPS_MAX maps to NGROUPS_MAX which is defined in <limits.h> to 65536 these days. The value is a sysctl read-only /proc/sys/kernel/ngroups_max and the kernel assumes that it is always positive otherwise things may break. Follow this and support only positive values for all other case return either -errno or -EOPNOTSUPP. Now if there are systems that want to re-write NGROUPS_MAX then they should not pass SupplementaryGroups= in units even if it is empty, in this case nothing fails and we just ignore supplementary groups. However if SupplementaryGroups= is passed even if it is empty we have to assume that there will be groups manipulation from our side or the kernel and since the kernel always assumes that NGROUPS_MAX is positive, then follow that and support only positive values.
This commit is contained in:
parent
60f17f75d1
commit
366ddd252e
|
@ -788,6 +788,19 @@ static int get_fixed_supplementary_groups(const ExecContext *c,
|
|||
if (!c->supplementary_groups)
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* If SupplementaryGroups= was passed then NGROUPS_MAX has to
|
||||
* be positive, otherwise fail.
|
||||
*/
|
||||
errno = 0;
|
||||
ngroups_max = (int) sysconf(_SC_NGROUPS_MAX);
|
||||
if (ngroups_max <= 0) {
|
||||
if (errno > 0)
|
||||
return -errno;
|
||||
else
|
||||
return -EOPNOTSUPP; /* For all other values */
|
||||
}
|
||||
|
||||
/*
|
||||
* If user is given, then lookup GID and supplementary group list.
|
||||
* We avoid NSS lookups for gid=0.
|
||||
|
@ -800,8 +813,6 @@ static int get_fixed_supplementary_groups(const ExecContext *c,
|
|||
keep_groups = true;
|
||||
}
|
||||
|
||||
assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);
|
||||
|
||||
l_gids = new(gid_t, ngroups_max);
|
||||
if (!l_gids)
|
||||
return -ENOMEM;
|
||||
|
|
Loading…
Reference in New Issue