Check for negative gid

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-10-10 16:07:35 -04:00 · 2017-10-10 16:07:35 -04:00 · 5f9284cb98
parent f55f79d6ba
commit 5f9284cb98
2 changed files with 5 additions and 0 deletions
--- a/exec.go
+++ b/exec.go
@ -213,6 +213,9 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) {
 		p.User.UID = uint32(uid)
 	}
 	for _, gid := range context.Int64Slice("additional-gids") {
+		if gid < 0 {
+			return nil, fmt.Errorf("additional-gids must be a positive number %d", gid)
+		}
 		p.User.AdditionalGids = append(p.User.AdditionalGids, uint32(gid))
 	}
 	return p, nil
--- a/tests/integration/exec.bats
+++ b/tests/integration/exec.bats
@ -114,6 +114,8 @@ function teardown() {
 }

@test "runc exec --additional-gids" {
+  requires root
+
  # run busybox detached
  runc run -d --console-socket $CONSOLE_SOCKET test_busybox
  [ "$status" -eq 0 ]