Comment 3 for bug 1903332

Jamie Strandboge (jdstrand) wrote :

Assuming we aren't talking about a setuid application, it's possible for the supplementary groups to contain 'root' (e.g., run under sudo, ssh root logins, etc.).

If we are talking about a setuid application, we shouldn't blindly drop them (and there is no reason to since root isn't going to be part of the group set in a setuid application anyway).

Please verify that the code in question isn't running under setuid (IME it is not) and, assuming it is not running under setuid, please drop the supplementary groups to ensure we've covered all the cases when temporarily dropping and the group is present.
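Added example, not part of the comment above and not the code under discussion in this bug: a C sketch of a temporary privilege drop that replaces the supplementary group list only when the process is not in a setuid/setgid context, then restores it. The helper names and the target uid/gid 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE   /* exposes setgroups() and seteuid() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

struct saved_ids { uid_t euid; gid_t egid; int ngroups; gid_t *groups; int replaced; };

/* Nonzero when real and effective IDs differ, i.e. a setuid/setgid binary. */
static int running_setid(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

static int list_has_gid(const gid_t *list, int n, gid_t gid) {
    for (int i = 0; i < n; i++)
        if (list[i] == gid) return 1;
    return 0;
}

/* Undo temp_drop(): regain the saved euid first, then the gid and group list. */
static int temp_restore(struct saved_ids *s) {
    int rc = 0;
    if (seteuid(s->euid) != 0) rc = -1;
    if (setegid(s->egid) != 0) rc = -1;
    if (s->replaced && setgroups((size_t)s->ngroups, s->groups) != 0) rc = -1;
    free(s->groups);
    s->groups = NULL;
    return rc;
}

/* Temporarily become uid/gid. Outside a setuid context the inherited list
 * (sudo, ssh root login) may hold gid 0, so it is replaced with just gid. */
static int temp_drop(uid_t uid, gid_t gid, struct saved_ids *s) {
    s->euid = geteuid(); s->egid = getegid(); s->replaced = 0;
    int n = getgroups(0, NULL);
    s->groups = n < 0 ? NULL : calloc((size_t)n + 1, sizeof(gid_t));
    if (!s->groups) return -1;
    s->ngroups = getgroups(n, s->groups);
    int ok = s->ngroups >= 0;
    if (ok && !running_setid())          /* needs CAP_SETGID, so do it first */
        ok = s->replaced = (setgroups(1, &gid) == 0);
    if (ok && setegid(gid) == 0 && seteuid(uid) == 0) return 0;
    temp_restore(s);                     /* roll back whatever was changed */
    return -1;
}

int main(void) {
    struct saved_ids s;                  /* 65534 is an assumed unprivileged id */
    if (temp_drop(65534, 65534, &s) != 0) { perror("temp_drop"); return 1; }
    printf("dropped: euid=%ld\n", (long)geteuid());
    return temp_restore(&s) != 0;
}
```

Run without root, `temp_drop` fails at `setgroups` and leaves the process IDs unchanged.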