util: make virSetUIDGID a NOP only when uid or gid is -1

Rather than treating uid:gid of 0:0 as a NOP, we blindly pass that
through to the lower layers. However, we *do* check for a requested
value of "-1" to mean "don't change this setting". setregid() and
setreuid() already interpret -1 as a NOP, so this is just an
optimization, but we are also calling getpwuid_r and initgroups, and
it's unclear what the former would do with a uid of -1.

diff --git a/src/util/virutil.c b/src/util/virutil.c
index 24ba9549497fef03bb560d2ff589083e62cfb36d..0d7db00fc1fd924c56a82668ccaa50a5b24598d8 100644 (file)
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -2687,7 +2687,7 @@ virSetUIDGID(uid_t uid, gid_t gid)
     int err;
     char *buf = NULL;
 
-    if (gid > 0) {
+    if (gid != (gid_t)-1) {
         if (setregid(gid, gid) < 0) {
             virReportSystemError(err = errno,
                                  _("cannot change to '%d' group"),
@@ -2696,7 +2696,7 @@ virSetUIDGID(uid_t uid, gid_t gid)
         }
     }
 
-    if (uid > 0) {
+    if (uid != (uid_t)-1) {
 # ifdef HAVE_INITGROUPS
         struct passwd pwd, *pwd_result;
         size_t bufsize;