jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Clear groups after entering userns 

Clears supplementary groups that have effect on the
mount permissions before joining the user specified
groups happens.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This commit is contained in:
Tonis Tiigi 2016-03-10 22:23:38 -08:00
parent 1beb2410db
commit 04da969aa8
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libcontainer/nsenter/nsexec.c
View File

@ -16,6 +16,7 @@
#include <sys/types.h>
#include <sys/prctl.h>
#include <unistd.h>
#include <grp.h>
#include <bits/sockaddr.h>
#include <linux/types.h>
@ -384,6 +385,11 @@ static void process_nl_attributes(int pipenum, char *data, int data_size)
exit(1);
}
if (setgroups(0, NULL) == -1) {
pr_perror("setgroups failed");
exit(1);
}
if (consolefd != -1) {
if (ioctl(consolefd, TIOCSCTTY, 0) == -1) {
pr_perror("ioctl TIOCSCTTY failed");