From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Fri, 5 Feb 2021 08:55:16 +0000 (+0100)
Subject: utils: add lxc_drop_groups()
X-Git-Tag: lxc-5.0.0~299^2~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8dd6f81e70e77c228091020c663473af6838d0d2;p=thirdparty%2Flxc.git

utils: add lxc_drop_groups()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 60d35ed92..afe4e641e 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1442,6 +1442,18 @@ bool lxc_switch_uid_gid(uid_t uid, gid_t gid)
 }
 
 /* Simple convenience function which enables uniform logging. */
+bool lxc_drop_groups(void)
+{
+	int ret;
+
+	ret = setgroups(0, NULL);
+	if (ret)
+		return log_error_errno(false, errno, "Failed to drop supplimentary groups");
+
+	NOTICE("Dropped supplimentary groups");
+	return ret == 0;
+}
+
 bool lxc_setgroups(int size, gid_t list[])
 {
 	if (setgroups(size, list) < 0) {
diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index ffc235a1b..e918fb77f 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -157,6 +157,7 @@ __hidden extern bool task_blocks_signal(pid_t pid, int signal);
  */
 __hidden extern bool lxc_switch_uid_gid(uid_t uid, gid_t gid);
 __hidden extern bool lxc_setgroups(int size, gid_t list[]);
+__hidden extern bool lxc_drop_groups(void);
 
 /* Find an unused loop device and associate it with source. */
 __hidden extern int lxc_prepare_loop_dev(const char *source, char *loop_dev, int flags);