Do not switch to root for lxc-execute

Signed-off-by: Patrick Toomey <ptoomey3@biasedcoin.com>

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 6eded6155941e2a5c41ea1de4c58e2d62149a503..ce65e824332053f22311412ff5d26c7c9c1b0cef 100644 (file)
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -664,9 +664,10 @@ static int do_start(void *data)
 
        /*
         * if we are in a new user namespace, become root there to have
-        * privilege over our namespace
+        * privilege over our namespace. We don't become root for lxc-execute, as
+        * the intent is to execute a command as the original user.
         */
-       if (!lxc_list_empty(&handler->conf->id_map)) {
+       if (!handler->conf->is_execute && !lxc_list_empty(&handler->conf->id_map)) {
                NOTICE("switching to gid/uid 0 in new user namespace");
                if (setgid(0)) {
                        SYSERROR("setgid");