* Chris Wright (<email address hidden>) wrote:
> * Stefan Hajnoczi (<email address hidden>) wrote:
> > @@ -199,6 +200,11 @@ static void change_process_uid(void)
> > fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid);
> > exit(1);
> > }
> > + if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) {
> > + fprintf(stderr, "Failed to initgroups(\"%s\", %d)\n",
> > + user_pwd->pw_name, user_pwd->pw_gid);
> > + exit(1);
> > + }
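Review bot: The failure message in the added initgroups() block does not say why the call failed; appending strerror(errno) to the fprintf would make the cause visible to whoever reads the log. A short comment on what is expected when -chroot is in use and the group file is not reachable would also help, since the `< 0` check only catches an outright error return.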
>
> Does initgroups need access to /etc/group? How does this combine w/
> -chroot?
Tested this on Linux, and w/out /etc/group it simply fails to add any
supplementary groups (doesn't fail completely, just fails safely).
Appears similar from Solaris manpages.
Given that...
Acked-by: Chris Wright <email address hidden>