conf: improve userns_exec_mapped_root()

As we do in all other places, first drop groups, then use
setres{g,u}id().

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index fe54718a957505555e558728e8075151efd59bd9..62ea6ae54a95a5706bb338c753b255b867b693cc 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -5505,11 +5505,20 @@ int userns_exec_mapped_root(const char *path, int path_fd,
 
                close_prot_errno_disarm(sock_fds[0]);
 
-               if (!lxc_switch_uid_gid(0, 0))
+               if (!lxc_drop_groups() && errno != EPERM)
                        _exit(EXIT_FAILURE);
 
-               if (!lxc_drop_groups())
+               ret = setresgid(0, 0, 0);
+               if (ret < 0) {
+                       SYSERROR("Failed to setresgid(0, 0, 0)");
                        _exit(EXIT_FAILURE);
+               }
+
+               ret = setresuid(0, 0, 0);
+               if (ret < 0) {
+                       SYSERROR("Failed to setresuid(0, 0, 0)");
+                       _exit(EXIT_FAILURE);
+               }
 
                ret = fchown(target_fd, 0, st.st_gid);
                if (ret) {