On Fri, 30 Aug 2019 at 21:33, Bruno Haible <bruno@xxxxxxxxx> wrote: > > Hi Eric, > > > I wonder if gnulib could provide a workaround setgroups() that overcomes > > this issue > > I don't see how a workaround could look like. The problem is not the value > of NGROUPS_MAX in user-space, but the same value NGROUPS_MAX in the kernel. > More precisely, in the Darwin kernel file bsd/kern/kern_prot.c there is a > function 'setgroups1', that contains the common implementation of the > setgroups() and initgroups() system call, and this function fails with EINVAL > if the number of groups in the set is > NGROUPS. In the kernel sources, > NGROUPS is defined as NGROUPS_MAX, and NGROUPS_MAX is defined as 16. > > So, the situation on macOS has not changed since this page was written: > https://www.j3e.de/ngroups.html > > What kind of workaround are you imagining? That we override open(), > access(), eaccess() to call setgroups() first, in an intelligent way? > That would be quite gross. > > For what purpose is libvirt or QEMU using setgroups()? FWIW I compiled libvirt without the setgroups code on Mac and it worked as expected. Not sure what the implications of that are though? Marcus. -- Marcus Furlong -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
