tree-wide: use lxc_drop_groups() instead of lxc_setgroups(0, NULL)
authorChristian Brauner <christian.brauner@ubuntu.com>
Fri, 5 Feb 2021 08:56:59 +0000 (09:56 +0100)
committerChristian Brauner <christian.brauner@ubuntu.com>
Fri, 5 Feb 2021 11:12:28 +0000 (12:12 +0100)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/attach.c
src/lxc/cgroups/cgfsng.c
src/lxc/cmd/lxc_usernsexec.c
src/lxc/conf.c
src/lxc/lxccontainer.c
src/lxc/start.c
src/lxc/storage/btrfs.c
src/lxc/storage/rsync.c
src/lxc/storage/storage_utils.c

index 03b29338da579d3abb3d0eb4fed98cd374fd9460..edddfc5659f2f688a8ba3f9193581239754d8b56 100644 (file)
@@ -1214,7 +1214,7 @@ __noreturn static void do_attach(struct attach_payload *ap)
                        goto on_error;
        }
 
-       if (!lxc_setgroups(0, NULL) && errno != EPERM)
+       if (!lxc_drop_groups() && errno != EPERM)
                goto on_error;
 
        if (options->namespaces & CLONE_NEWUSER)
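Review bot: The `errno != EPERM` test in do_attach() is only correct if lxc_drop_groups() returns false with errno still holding the code from the failed setgroups() call. The helper's definition is not on this page, so that should be confirmed, since logging inside it could otherwise overwrite errno. The same pattern appears in the cgfsng.c, lxc_usernsexec.c, conf.c (userns_exec_minimal) and first start.c hunks. A comment at the call would also help, e.g. `/* EPERM: setgroups() is not permitted here; continue with the inherited supplementary groups */`. do_attach's body continues outside the hunk.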
index ee116cb66015b2ae62b981ef08880e4c1f52bfb8..665e83c24f98e50b40a838bcfe9579331ccf0990 100644 (file)
@@ -965,7 +965,7 @@ static int cgroup_tree_remove_wrapper(void *data)
        gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid;
        int ret;
 
-       if (!lxc_setgroups(0, NULL) && errno != EPERM)
+       if (!lxc_drop_groups() && errno != EPERM)
                return log_error_errno(-1, errno, "Failed to setgroups(0, NULL)");
 
        ret = setresgid(nsgid, nsgid, nsgid);
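Review bot: The error string on the line after the changed call in cgroup_tree_remove_wrapper() still reads "Failed to setgroups(0, NULL)", which no longer matches the helper being called. `return log_error_errno(-1, errno, "Failed to drop supplementary groups");` would keep the log message in step with the code. The chown_cgroup_wrapper hunk below carries the same stale message. Both functions continue outside their hunks.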
@@ -1574,7 +1574,7 @@ static int chown_cgroup_wrapper(void *data)
        uid_t nsuid = (arg->conf->root_nsuid_map != NULL) ? 0 : arg->conf->init_uid;
        gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid;
 
-       if (!lxc_setgroups(0, NULL) && errno != EPERM)
+       if (!lxc_drop_groups() && errno != EPERM)
                return log_error_errno(-1, errno, "Failed to setgroups(0, NULL)");
 
        ret = setresgid(nsgid, nsgid, nsgid);
index c22a33bb4134a43e4d0bdd626aedbc8a56d8ec22..26022c8060ac9f6c35106235536301f5da8b3d8c 100644 (file)
@@ -88,7 +88,7 @@ static int do_child(void *vargv)
        int ret;
        char **argv = (char **)vargv;
 
-       if (!lxc_setgroups(0, NULL) && errno != EPERM)
+       if (!lxc_drop_groups() && errno != EPERM)
                return -1;
 
        /* Assume we want to become root */
index 22a3b32dcdb7ef976da236b01fa0c5ab9611f31b..4d258ada71b7850281300e21086f848cbfb9b030 100644 (file)
@@ -4282,7 +4282,7 @@ int userns_exec_minimal(const struct lxc_conf *conf,
 
                close_prot_errno_disarm(sock_fds[0]);
 
-               if (!lxc_setgroups(0, NULL) && errno != EPERM)
+               if (!lxc_drop_groups() && errno != EPERM)
                        _exit(EXIT_FAILURE);
 
                ret = setresgid(resgid, resgid, resgid);
@@ -4700,7 +4700,7 @@ int userns_exec_mapped_root(const char *path, int path_fd,
                if (!lxc_switch_uid_gid(0, 0))
                        _exit(EXIT_FAILURE);
 
-               if (!lxc_setgroups(0, NULL))
+               if (!lxc_drop_groups())
                        _exit(EXIT_FAILURE);
 
                ret = fchown(target_fd, 0, st.st_gid);
index c8d93a30acbf946fb621c3821f2325074d47a732..0b1729b904d2cc0c1a2606e7148c6a54f93407d6 100644 (file)
@@ -3660,7 +3660,7 @@ static int clone_update_rootfs(struct clone_update_data *data)
        /* update hostname in rootfs */
        /* we're going to mount, so run in a clean namespace to simplify cleanup */
 
-       (void)lxc_setgroups(0, NULL);
+       (void)lxc_drop_groups();
 
        if (setgid(0) < 0) {
                ERROR("Failed to setgid to 0");
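Review bot: `(void)lxc_drop_groups();` discards the result, so clone_update_rootfs() goes on to setgid(0) even when the supplementary groups could not be cleared for a reason other than EPERM. Most other call sites in this commit treat that as fatal. Unless best-effort is intended here, `if (!lxc_drop_groups() && errno != EPERM) return -1;` would match them; if it is intended, a comment saying why the inherited groups are acceptable would do. btrfs_snapshot_wrapper (btrfs.c) and storage_destroy_wrapper (storage_utils.c) have the same discarded call. The function body continues outside the hunk, so the exact error return is inferred rather than visible.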
index abc70d28faeeeaff30a893286c410cf665b23150..0a9edc303afe3fc0914afc76f62cab24a97898ba 100644 (file)
@@ -1111,7 +1111,7 @@ static int do_start(void *data)
                /* Drop groups only after we switched to a valid gid in the new
                 * user namespace.
                 */
-               if (!lxc_setgroups(0, NULL) &&
+               if (!lxc_drop_groups() &&
                    (handler->am_root || errno != EPERM))
                        goto out_warn_father;
 
@@ -1410,7 +1410,7 @@ static int do_start(void *data)
                #if HAVE_LIBCAP
                if (lxc_proc_cap_is_set(CAP_SETGID, CAP_EFFECTIVE))
                #endif
-                       if (!lxc_setgroups(0, NULL))
+                       if (!lxc_drop_groups())
                                goto out_warn_father;
 
        if (!lxc_switch_uid_gid(new_uid, new_gid))
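Review bot: The brace-less `if (!lxc_drop_groups())` hangs off an outer `if` that exists only when HAVE_LIBCAP is set, so the two builds have different control flow. With libcap, a missing CAP_SETGID skips the drop silently; without it, the drop is unconditional and any failure aborts the start. Wrapping the inner statement in braces and adding a comment such as `/* without CAP_SETGID we cannot drop groups; keep the inherited ones */` would make that explicit. do_start's body continues outside the hunk.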
index 0a28dc9c98d9696fd220f9a9bb58abb88a7d0848..a0ef68c663a561bcd862799e3c756e80a269e627 100644 (file)
@@ -374,7 +374,7 @@ int btrfs_snapshot_wrapper(void *data)
        const char *src;
        struct rsync_data_char *arg = data;
 
-       (void)lxc_setgroups(0, NULL);
+       (void)lxc_drop_groups();
 
        if (setgid(0) < 0) {
                ERROR("Failed to setgid to 0");
index 2e4df25374c35d0a2fc901fd6ee34d8d7e01120b..b369f9c639e8997b22cb5acc35c201be170fa393 100644 (file)
@@ -35,7 +35,7 @@ int lxc_rsync_exec_wrapper(void *data)
        if (!lxc_switch_uid_gid(0, 0))
                return -1;
 
-       if (!lxc_setgroups(0, NULL))
+       if (!lxc_drop_groups())
                return -1;
 
        return lxc_rsync_exec(args->src, args->dest);
@@ -96,7 +96,7 @@ int lxc_rsync(struct rsync_data *data)
        if (!lxc_switch_uid_gid(0, 0))
                return -1;
 
-       if (!lxc_setgroups(0, NULL))
+       if (!lxc_drop_groups())
                return -1;
 
        src = lxc_storage_get_path(orig->dest, orig->type);
index f96bd520ba8ee5798d7d19c2bbba70f8a0c298cd..a976256e54960b5679d0007d20f0f6258aa72389 100644 (file)
@@ -461,7 +461,7 @@ int storage_destroy_wrapper(void *data)
 {
        struct lxc_conf *conf = data;
 
-       (void)lxc_setgroups(0, NULL);
+       (void)lxc_drop_groups();
 
        if (setgid(0) < 0) {
                SYSERROR("Failed to setgid to 0");