Hi Eric, > I wonder if gnulib could provide a workaround setgroups() that overcomes > this issue I don't see how a workaround could look like. The problem is not the value of NGROUPS_MAX in user-space, but the same value NGROUPS_MAX in the kernel. More precisely, in the Darwin kernel file bsd/kern/kern_prot.c there is a function 'setgroups1', that contains the common implementation of the setgroups() and initgroups() system call, and this function fails with EINVAL if the number of groups in the set is > NGROUPS. In the kernel sources, NGROUPS is defined as NGROUPS_MAX, and NGROUPS_MAX is defined as 16. So, the situation on macOS has not changed since this page was written: https://www.j3e.de/ngroups.html What kind of workaround are you imagining? That we override open(), access(), eaccess() to call setgroups() first, in an intelligent way? That would be quite gross. For what purpose is libvirt or QEMU using setgroups()? Bruno -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list