lxc-usernsexec: don't fail on setgroups()

We can fail to setgroups() when "deny" has been set which we need to set when
we are a fully unprivileged user.

Closes: 3420.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
index 79dfe42c9406ff7182b8313411e50b6d48fb0d35..3c22482f4f6c2ceed724a459567da6d22a9fd89e 100644 (file)
--- a/src/lxc/cmd/lxc_usernsexec.c
+++ b/src/lxc/cmd/lxc_usernsexec.c
@@ -87,11 +87,11 @@ static int do_child(void *vargv)
        int ret;
        char **argv = (char **)vargv;
 
-       /* Assume we want to become root */
-       if (!lxc_switch_uid_gid(0, 0))
+       if (!lxc_setgroups(0, NULL))
                return -1;
 
-       if (!lxc_setgroups(0, NULL))
+       /* Assume we want to become root */
+       if (!lxc_switch_uid_gid(0, 0))
                return -1;
 
        ret = unshare(CLONE_NEWNS);