lxc_container: Don't call virGetGroupList during exec

Commit 75c12564 states that virGetGroupList must not be called between fork and exec, then commit ee777e99 promptly violated that for lxc. Patch originally posted by Eric Blake <eblake@redhat.com>.

lxc_container: Don't call virGetGroupList during exec
Commit 75c12564 states that virGetGroupList must not be called between fork and exec, then commit ee777e99 promptly violated that for lxc. Patch originally posted by Eric Blake <eblake@redhat.com>.
192a86ca · Michal Privoznik · cc732931 · 192a86ca
隐藏空白更改
内联并排

Showing with 1 addition and 7 deletion

src/lxc/lxc_container.c src/lxc/lxc_container.c +1 -7

未找到文件。
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -351,24 +351,18 @@ int lxcContainerWaitForContinue(int control)
 */
 static int lxcContainerSetID(virDomainDefPtr def)
 {
-    gid_t *groups;
-    int ngroups;
-
    /* Only call virSetUIDGID when user namespace is enabled
     * for this container. And user namespace is only enabled
     * when nuidmap&ngidmap is not zero */

    VIR_DEBUG("Set UID/GID to 0/0");
    if (def->idmap.nuidmap &&
-        ((ngroups = virGetGroupList(0, 0, &groups) < 0) ||
-         virSetUIDGID(0, 0, groups, ngroups) < 0)) {
+        virSetUIDGID(0, 0, NULL, 0) < 0) {
        virReportSystemError(errno, "%s",
                             _("setuid or setgid failed"));
-        VIR_FREE(groups);
        return -1;
    }

-    VIR_FREE(groups);
    return 0;
 }