setregid() and setreuid() already interpret -1 as a NOP, so this is
just an optimization for those, but we are also calling getpwuid_r and
initgroups, and it's unclear what the former would do with a uid of
-1.
---
src/util/virutil.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/virutil.c b/src/util/virutil.c
index 24ba954..fddc39e 100644
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -2687,7 +2687,7 @@ virSetUIDGID(uid_t uid, gid_t gid)
int err;
char *buf = NULL;
- if (gid > 0) {
+ if (gid != -1 && gid > 0) {
if (setregid(gid, gid) < 0) {
virReportSystemError(err = errno,
_("cannot change to '%d' group"),
@@ -2696,7 +2696,7 @@ virSetUIDGID(uid_t uid, gid_t gid)
}
}
- if (uid > 0) {
+ if (uid != -1 && uid > 0) {
# ifdef HAVE_INITGROUPS
struct passwd pwd, *pwd_result;
size_t bufsize;
--
1.8.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list