summaryrefslogtreecommitdiffstats
path: root/src/basic/capability-util.c
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2016-09-28 18:37:39 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2016-10-06 11:49:00 +0200
commit36d854780c01d589e5da1fc6e94f46aa41f7016f (patch)
tree57a0d3871f1903ab5dd0a2077e4aa669dc44e36c /src/basic/capability-util.c
parentaudit: disable if cannot create NETLINK_AUDIT socket (diff)
downloadsystemd-36d854780c01d589e5da1fc6e94f46aa41f7016f.tar.xz
systemd-36d854780c01d589e5da1fc6e94f46aa41f7016f.zip
core: do not fail in a container if we can't use setgroups
It might be blocked through /proc/PID/setgroups
Diffstat (limited to 'src/basic/capability-util.c')
-rw-r--r--src/basic/capability-util.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c
index d4c5bd6937..f8db6e0212 100644
--- a/src/basic/capability-util.c
+++ b/src/basic/capability-util.c
@@ -31,6 +31,7 @@
#include "log.h"
#include "macro.h"
#include "parse-util.h"
+#include "user-util.h"
#include "util.h"
int have_effective_cap(int value) {
@@ -295,7 +296,7 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
if (setresgid(gid, gid, gid) < 0)
return log_error_errno(errno, "Failed to change group ID: %m");
- if (setgroups(0, NULL) < 0)
+ if (maybe_setgroups(0, NULL) < 0)
return log_error_errno(errno, "Failed to drop auxiliary groups list: %m");
/* Ensure we keep the permitted caps across the setresuid() */