utils: add lxc_drop_groups()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 60d35ed926fd57d126e10a8bcc4fb9cbe373c09a..afe4e641e66e721505fc0e90fda0ef5a3f1cdc13 100644 (file)
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1442,6 +1442,18 @@ bool lxc_switch_uid_gid(uid_t uid, gid_t gid)
 }
 
 /* Simple convenience function which enables uniform logging. */
+bool lxc_drop_groups(void)
+{
+       int ret;
+
+       ret = setgroups(0, NULL);
+       if (ret)
+               return log_error_errno(false, errno, "Failed to drop supplimentary groups");
+
+       NOTICE("Dropped supplimentary groups");
+       return ret == 0;
+}
+
 bool lxc_setgroups(int size, gid_t list[])
 {
        if (setgroups(size, list) < 0) {

diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index ffc235a1b9b5ad5ce14ee49c9ad603eced20caab..e918fb77f3374d27368b73d7bf35d79d2a2f4046 100644 (file)
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -157,6 +157,7 @@ __hidden extern bool task_blocks_signal(pid_t pid, int signal);
  */
 __hidden extern bool lxc_switch_uid_gid(uid_t uid, gid_t gid);
 __hidden extern bool lxc_setgroups(int size, gid_t list[]);
+__hidden extern bool lxc_drop_groups(void);
 
 /* Find an unused loop device and associate it with source. */
 __hidden extern int lxc_prepare_loop_dev(const char *source, char *loop_dev, int flags);