diff options
| author | David Howells <dhowells@redhat.com> | 2016-02-03 21:17:09 +0000 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2016-02-03 21:17:09 +0000 |
| commit | 6f3fc3ede85a0a2fbcd369c631afe9eba34c0f30 (patch) | |
| tree | b091f8cac9b2e00997b657276bac8e521b3f4936 | |
| parent | 16a05600ee87b8162c04a45169b2408013a2afea (diff) | |
| download | cachefilesd-6f3fc3ede85a0a2fbcd369c631afe9eba34c0f30.tar.gz | |
Clear the supplementary groups list when daemonising
Clear the supplementary groups list when daemonising the process.
This fixes the following issue raised by rpmlint:
cachefilesd.x86_64: E: missing-call-to-setgroups-before-setuid /usr/sbin/cachefilesd
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
| -rw-r--r-- | cachefilesd.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/cachefilesd.c b/cachefilesd.c index 8cf9179..94c3bf8 100644 --- a/cachefilesd.c +++ b/cachefilesd.c @@ -47,6 +47,7 @@ #include <time.h> #include <poll.h> #include <limits.h> +#include <grp.h> #include <sys/inotify.h> #include <sys/time.h> #include <sys/vfs.h> @@ -120,6 +121,8 @@ static unsigned long long brun, bcull, bstop, frun, fcull, fstop; static unsigned long long b_resume_threshold = ULLONG_MAX; static unsigned long long f_resume_threshold = 5; +static const gid_t group_list[0]; + #define cachefd 3 static __attribute__((noreturn)) @@ -350,6 +353,9 @@ int main(int argc, char *argv[]) oserror("Unable to get max open files"); /* become owned by root */ + if (setgroups(sizeof(group_list) / sizeof(gid_t), group_list) < 0) + oserror("Unable to clear the supplementary groups"); + if (setresuid(0, 0, 0) < 0) oserror("Unable to set UID to 0"); |