From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Mon, 9 Apr 2018 16:01:38 +0000 (+0200)
Subject: attach: always drop supplementary groups
X-Git-Tag: lxc-3.1.0~334^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=24927339bd52856eba0cc5033893e036988ce369;p=thirdparty%2Flxc.git

attach: always drop supplementary groups

Closes #1704.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 9a8a836d5..3b7152721 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -870,12 +870,12 @@ static int attach_child_main(struct attach_clone_payload *payload)
 		ret = lxc_switch_uid_gid(new_uid, new_gid);
 		if (ret < 0)
 			goto on_error;
-
-		ret = lxc_setgroups(0, NULL);
-		if (ret < 0)
-			goto on_error;
 	}
 
+	ret = lxc_setgroups(0, NULL);
+	if (ret < 0)
+		goto on_error;
+
 	if ((init_ctx->container && init_ctx->container->lxc_conf &&
 	     init_ctx->container->lxc_conf->no_new_privs) ||
 	    (options->attach_flags & LXC_ATTACH_NO_NEW_PRIVS)) {