xenbits.xensource.com Git - people/liuw/libxenctrl-split/libvirt.git/commit
virSetUIDGID: Don't leak supplementary groups
author: Richard Weinberger <richard@nod.at>
Tue, 23 Jun 2015 11:48:42 +0000 (13:48 +0200)
committer: Daniel P. Berrange <berrange@redhat.com>
Wed, 18 Nov 2015 11:41:12 +0000 (11:41 +0000)
commit: 867f34a6837e05fcd5c2ea4ae8c7d111e3e2f5a4
tree: 841e48053076b4f37f3d7783fca58ec2656dee2b
parent: 370707a7a9109e8b7419e626bd6954fa041a7d23

The LXC driver uses virSetUIDGID() to become UID/GID 0.
It passes an empty groups list to virSetUIDGID()
to get rid of all supplementary groups from the host side.
But virSetUIDGID() calls setgroups() only if the supplied list
is larger than 0.
This leads to a container root with unrelated supplementary groups.
In most cases this issue is unnoticed as libvirtd runs as UID/GID 0
without any supplementary groups.

Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
src/util/virutil.c
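
The behaviour described in the commit message, as an added example that is not libvirt's code: a credential switch that skips the group call for an empty list, next to one that always makes it. The function names, the simulated group list standing in for setgroups(2), and the GIDs 1001 and 1002 are assumptions constructed so the example runs unprivileged.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

#define SIM_MAX 8

/* Simulated credential state (constructed); stands in for the kernel's
 * per-process supplementary group list so the example runs unprivileged. */
static gid_t sim_groups[SIM_MAX];
static size_t sim_ngroups;

/* Stand-in for setgroups(2): replaces the whole list; size 0 clears it. */
static int sim_setgroups(size_t n, const gid_t *list)
{
    if (n > SIM_MAX)
        return -1;
    if (n > 0)
        memcpy(sim_groups, list, n * sizeof(*list));
    sim_ngroups = n;
    return 0;
}

/* Behaviour the commit message describes: an empty list skips the call,
 * so inherited groups survive the switch. */
static int set_groups_skip_empty(const gid_t *groups, size_t n)
{
    if (n > 0 && sim_setgroups(n, groups) < 0)
        return -1;
    return 0;
}

/* Corrected behaviour: always call, so an empty list drops everything. */
static int set_groups_always(const gid_t *groups, size_t n)
{
    return sim_setgroups(n, groups);
}

/* Start with two inherited groups (constructed GIDs), request an empty
 * list, and return how many supplementary groups remain afterwards. */
size_t groups_left_after_empty_request(int use_fixed)
{
    const gid_t inherited[] = { 1001, 1002 };
    sim_setgroups(2, inherited);
    if ((use_fixed ? set_groups_always : set_groups_skip_empty)(NULL, 0) < 0)
        return (size_t)-1;
    return sim_ngroups;
}
```

In real code, calling getgroups(0, NULL) after the switch returns the number of supplementary groups still attached to the process, which makes a residual list easy to detect.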