Thanks, applied.
On Sat, Jul 9, 2011 at 12:22 PM, Stefan Hajnoczi
wrote:
> Andrew Griffiths reports that -runas does not set supplementary group
> IDs. This means that gid 0 (root) is not dropped when switching to an
> unprivileged user.
>
> Add an initgroups(3) call to use the -runas user's /et
* Chris Wright (chr...@sous-sol.org) wrote:
> * Stefan Hajnoczi (stefa...@linux.vnet.ibm.com) wrote:
> > @@ -199,6 +200,11 @@ static void change_process_uid(void)
> > fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid);
> > exit(1);
> > }
> > +if (
Andrew Griffiths reports that -runas does not set supplementary group
IDs. This means that gid 0 (root) is not dropped when switching to an
unprivileged user.
Add an initgroups(3) call to use the -runas user's /etc/groups
membership to update the supplementary group IDs.
Signed-off-by: Stefan Ha
