? 0
: handler->conf->init_gid;
- ret = lxc_switch_uid_gid(nsuid, nsgid);
- if (ret < 0)
+ if (!lxc_switch_uid_gid(nsuid, nsgid))
goto out_warn_father;
/* Drop groups only after we switched to a valid gid in the new
* user namespace.
*/
- ret = lxc_setgroups(0, NULL);
- if (ret < 0 && (handler->am_root || errno != EPERM))
+ if (!lxc_setgroups(0, NULL) && (handler->am_root || errno != EPERM))
goto out_warn_father;
ret = prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
#else
have_cap_setgid = false;
#endif
- if (lxc_list_empty(&handler->conf->id_map) && have_cap_setgid) {
- if (lxc_setgroups(0, NULL) < 0)
+ if (lxc_list_empty(&handler->conf->id_map) && have_cap_setgid)
+ if (!lxc_setgroups(0, NULL))
goto out_warn_father;
- }
- if (lxc_switch_uid_gid(new_uid, new_gid) < 0)
+ if (!lxc_switch_uid_gid(new_uid, new_gid))
goto out_warn_father;
ret = lxc_ambient_caps_down();
return 0;
}
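Review bot: Dropping the braces at L20-L22 leaves a brace-less `if` nested directly inside another brace-less `if`, the dangling-else shape in which a later `else` silently binds to the inner condition rather than the id_map check. Since this code decides whether supplementary groups are dropped before the uid/gid switch, keep the outer block braced: `if (lxc_list_empty(&handler->conf->id_map) && have_cap_setgid) {` around `if (!lxc_setgroups(0, NULL)) goto out_warn_father;` with the closing `}` restored. The enclosing function starts outside the hunk.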
-int lxc_switch_uid_gid(uid_t uid, gid_t gid)
+bool lxc_switch_uid_gid(uid_t uid, gid_t gid)
{
- if (setgid(gid) < 0) {
- SYSERROR("Failed to switch to gid %d.", gid);
- return -errno;
+ int ret = 0;
+
+ if (gid != LXC_INVALID_GID) {
+ ret = setgid(gid);
+ if (ret < 0) {
+ SYSERROR("Failed to switch to gid %d", gid);
+ return false;
+ }
+ NOTICE("Switched to gid %d", gid);
}
- NOTICE("Switched to gid %d.", gid);
- if (setuid(uid) < 0) {
- SYSERROR("Failed to switch to uid %d.", uid);
- return -errno;
+ if (uid != LXC_INVALID_UID) {
+ ret = setuid(uid);
+ if (ret < 0) {
+ SYSERROR("Failed to switch to uid %d", uid);
+ return false;
+ }
+ NOTICE("Switched to uid %d", uid);
}
- NOTICE("Switched to uid %d.", uid);
- return 0;
+ return true;
}
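Review bot: The new log lines at L41, L44, L53 and L56 format `uid_t`/`gid_t` with `%d`; on glibc these types are unsigned, so the specifier does not match the argument and large ids would print as negatives in the audit trail. Use `%u` or cast explicitly, e.g. `SYSERROR("Failed to switch to gid %u", (unsigned)gid);` (the pre-existing lines had the same mismatch, but this rewrite is the place to fix it). The new sentinel checks also mean a call with `LXC_INVALID_UID`/`LXC_INVALID_GID` returns true having changed nothing, which is worth a comment above the function: `/* A uid/gid equal to LXC_INVALID_UID/LXC_INVALID_GID is left untouched; returns true when every requested switch succeeded. */`. The `ret` local only carries each syscall result to the next line and could be dropped in favour of `if (setgid(gid) < 0)`.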
-/* Simple covenience function which enables uniform logging. */
-int lxc_setgroups(int size, gid_t list[])
+/* Simple convenience function which enables uniform logging. */
+bool lxc_setgroups(int size, gid_t list[])
{
if (setgroups(size, list) < 0) {
- SYSERROR("Failed to setgroups().");
- return -errno;
+ SYSERROR("Failed to setgroups()");
+ return false;
}
- NOTICE("Dropped additional groups.");
+ NOTICE("Dropped additional groups");
- return 0;
+ return true;
}
static int lxc_get_unused_loop_dev_legacy(char *loop_name)
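Review bot: With the return value reduced to `false` at L71, the caller in the earlier hunk (`if (!lxc_setgroups(0, NULL) && (handler->am_root || errno != EPERM))`) now depends entirely on `errno` surviving the `SYSERROR()` call at L70; the old `-errno` return at least captured the value at the same point. Unless the logging macro is known to preserve errno, save it before logging and restore it before returning: `int saved_errno = errno;` after the failed `setgroups()`, then `errno = saved_errno; return false;`. Otherwise a clobbered errno could turn a legitimate EPERM in an unprivileged container into an abort, or vice versa.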
extern int parse_byte_size_string(const char *s, int64_t *converted);
/* Switch to a new uid and gid. */
-int lxc_switch_uid_gid(uid_t uid, gid_t gid);
-int lxc_setgroups(int size, gid_t list[]);
+bool lxc_switch_uid_gid(uid_t uid, gid_t gid);
+bool lxc_setgroups(int size, gid_t list[]);
/* Find an unused loop device and associate it with source. */
int lxc_prepare_loop_dev(const char *source, char *loop_dev, int flags);
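Review bot: The comment at L80 still says only "Switch to a new uid and gid." although the prototypes at L83-L84 now return `bool` and the implementation skips the switch for the `LXC_INVALID_UID`/`LXC_INVALID_GID` sentinels. Public declarations should state that contract, e.g. `/* Switch to uid and gid, skipping either when it equals LXC_INVALID_UID/LXC_INVALID_GID. Returns false (errno set by the failing syscall) on error. */`, and `lxc_setgroups()` deserves the same one-line return-value note so callers do not keep testing for `< 0`.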