libmount: fix setgroups() use
* keep process in single supplementary group, which is the real group ID for the process * make sure we have rights to call setgroups(), requires group permissions Fixes: https://github.com/karelzak/util-linux/issues/1398 Signed-off-by: Karel Zak <kzak@redhat.com>
This commit is contained in:
parent
4f2406545c
commit
4763080701
|
@ -340,14 +340,16 @@ static inline size_t get_hostname_max(void)
|
|||
|
||||
static inline int drop_permissions(void)
|
||||
{
|
||||
gid_t newgid = getgid();
|
||||
|
||||
errno = 0;
|
||||
|
||||
/* drop supplementary groups */
|
||||
if (setgroups(0, NULL) != 0)
|
||||
if (geteuid() == 0 && setgroups(1, &newgid) != 0)
|
||||
goto fail;
|
||||
|
||||
/* drop GID */
|
||||
if (setgid(getgid()) < 0)
|
||||
if (setgid(newgid) < 0)
|
||||
goto fail;
|
||||
|
||||
/* drop UID */
|
||||
|
|
Loading…
Reference in New Issue