From: Christian Brauner
Date: Tue, 18 Jan 2022 15:14:13 +0000 (+0100)
Subject: conf: improve userns_exec_mapped_root()
X-Git-Tag: lxc-5.0.0~37^2~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0f6f149d513a52081955980f4091b36ded85029;p=thirdparty%2Flxc.git
conf: improve userns_exec_mapped_root()
As we do in all other places, first drop groups, then use setres{g,u}id().
Signed-off-by: Christian Brauner
---
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index fe54718a9..62ea6ae54 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -5505,11 +5505,20 @@ int userns_exec_mapped_root(const char *path, int path_fd,
 close_prot_errno_disarm(sock_fds[0]);
- if (!lxc_switch_uid_gid(0, 0))
+ if (!lxc_drop_groups() && errno != EPERM)
 _exit(EXIT_FAILURE);
- if (!lxc_drop_groups())
+ ret = setresgid(0, 0, 0);
+ if (ret < 0) {
+ SYSERROR("Failed to setresgid(0, 0, 0)");
 _exit(EXIT_FAILURE);
+ }
+
+ ret = setresuid(0, 0, 0);
+ if (ret < 0) {
+ SYSERROR("Failed to setresuid(0, 0, 0)");
+ _exit(EXIT_FAILURE);
+ }
 ret = fchown(target_fd, 0, st.st_gid);
 if (ret) {
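Review bot: The new `if (!lxc_drop_groups() && errno != EPERM)` check lets the child continue with its inherited supplementary groups whenever dropping them fails with EPERM, and nothing at the call site says why that is acceptable or records that it happened. A short comment would help, for example `/* EPERM: setgroups() may be denied in this user namespace; inherited groups are kept. */`, if that is indeed the intended case. The test also relies on lxc_drop_groups() returning with errno still set by the failing call, which cannot be confirmed from this hunk because its body is elsewhere. The enclosing function userns_exec_mapped_root() starts and ends outside the hunk.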