Merge pull request #634 from tonistiigi/clear-groups

Clear groups after entering userns

libcontainer/nsenter/nsexec.c

@@ -16,6 +16,7 @@
 #include <sys/types.h>
 #include <sys/prctl.h>
 #include <unistd.h>
+#include <grp.h>
 
 #include <bits/sockaddr.h>
 #include <linux/types.h>
@@ -383,6 +384,11 @@ static void process_nl_attributes(int pipenum, char *data, int data_size)
 			pr_perror("setgid failed");
 			exit(1);
 		}
+    
+		if (setgroups(0, NULL) == -1) {
+			pr_perror("setgroups failed");
+			exit(1);
+		}
 
 		if (consolefd != -1) {
 			if (ioctl(consolefd, TIOCSCTTY, 0) == -1) {