From: Patrick Toomey <ptoomey3@biasedcoin.com>
Date: Thu, 9 Jul 2015 22:58:17 +0000 (-0600)
Subject: Do not switch to root for lxc-execute
X-Git-Tag: lxc-2.0.0.beta1~164^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e06155c9abc930daf5983f890057ad709fe958fb;p=thirdparty%2Flxc.git

Do not switch to root for lxc-execute

Signed-off-by: Patrick Toomey <ptoomey3@biasedcoin.com>
---

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 6eded6155..ce65e8243 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -664,9 +664,10 @@ static int do_start(void *data)
 
 	/*
 	 * if we are in a new user namespace, become root there to have
-	 * privilege over our namespace
+	 * privilege over our namespace. We don't become root for lxc-execute, as
+	 * the intent is to execute a command as the original user.
 	 */
-	if (!lxc_list_empty(&handler->conf->id_map)) {
+	if (!handler->conf->is_execute && !lxc_list_empty(&handler->conf->id_map)) {
 		NOTICE("switching to gid/uid 0 in new user namespace");
 		if (setgid(0)) {
 			SYSERROR("setgid");