attach: always drop supplementary groups

author Christian Brauner <christian.brauner@ubuntu.com>

Mon, 9 Apr 2018 16:01:38 +0000 (18:01 +0200)

committer Christian Brauner <christian.brauner@ubuntu.com>

Mon, 9 Apr 2018 16:01:38 +0000 (18:01 +0200)
author Christian Brauner <christian.brauner@ubuntu.com>
Mon, 9 Apr 2018 16:01:38 +0000 (18:01 +0200)
committer Christian Brauner <christian.brauner@ubuntu.com>
Mon, 9 Apr 2018 16:01:38 +0000 (18:01 +0200)
diff --git a/src/lxc/attach.c b/src/lxc/attach.c

index 9a8a836d5a8c8d29b608483aa21a40b6e3a50254..3b7152721525033c789509e261c46d34cfbd5377 100644 (file)
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -870,12 +870,12 @@ static int attach_child_main(struct attach_clone_payload *payload)
                 ret = lxc_switch_uid_gid(new_uid, new_gid);
                 if (ret < 0)
                         goto on_error;
-
-               ret = lxc_setgroups(0, NULL);
-               if (ret < 0)
-                       goto on_error;
         }
  
+       ret = lxc_setgroups(0, NULL);
+       if (ret < 0)
+               goto on_error;
+
         if ((init_ctx->container && init_ctx->container->lxc_conf &&
              init_ctx->container->lxc_conf->no_new_privs) ||
             (options->attach_flags & LXC_ATTACH_NO_NEW_PRIVS)) {
author	Christian Brauner <christian.brauner@ubuntu.com>
	Mon, 9 Apr 2018 16:01:38 +0000 (18:01 +0200)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Mon, 9 Apr 2018 16:01:38 +0000 (18:01 +0200)