diff options
author | Karel Zak | 2015-01-08 12:52:43 +0100 |
---|---|---|
committer | Karel Zak | 2015-01-09 10:36:21 +0100 |
commit | e99a6626d6262266f012a20ae69c8e4573ee22fd (patch) | |
tree | 4b29fc9f9443bcfd55988198438f804a51cdc3b2 /sys-utils/hwclock-cmos.c | |
parent | nsenter: keep semantic consistent (diff) | |
download | kernel-qcow2-util-linux-e99a6626d6262266f012a20ae69c8e4573ee22fd.tar.gz kernel-qcow2-util-linux-e99a6626d6262266f012a20ae69c8e4573ee22fd.tar.xz kernel-qcow2-util-linux-e99a6626d6262266f012a20ae69c8e4573ee22fd.zip |
nsenter: add --preserve-credentials and cleanup setgroups() usage
The new option --preserve-credentials completely disables all
operations related to UIGs and GIDs.
The patch also calls setgroups() before we enter user namespace (so
root can always clear their groups) and after we enter user namespace
(to detect /proc/self/setgroups "deny"). If both fail then nsenter
complains.
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'sys-utils/hwclock-cmos.c')
0 files changed, 0 insertions, 0 deletions