Re: [libvirt] [PATCH] [RFC] virSetUIDGID: Don't leak supplementary groups

On Tue, Jun 23, 2015 at 01:48:42PM +0200, Richard Weinberger wrote: > > The LXC driver uses virSetUIDGID() to become UID/GID 0. > It passes an empty groups list to virSetUIDGID() > to get rid of all supplementary groups from the host side. > But virSetUIDGID() calls setgroups() only if the supplied list > is larger than 0. > This leads to a container root with unrelated supplementary groups. > In most cases this issue is unoticed as libvirtd runs as UID/GID 0 > without any supplementary groups. > > Signed-off-by: Richard Weinberger <richard(a)nod.at&gt; > --- > I've marked that patch as RFC as I'm not sure if all users of > virSetUIDGID() > expect this behavior too. > I went through the callers and I see no reason why setgroups should not be called. ACK. I also can't think of a use case in which we'd like to keep the supplemental groups.