Clear the supplementary groups list when daemonising the process. This fixes the following issue raised by rpmlint: cachefilesd.x86_64: E: missing-call-to-setgroups-before-setuid /usr/sbin/cachefilesd
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
---
 cachefilesd.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/cachefilesd.c b/cachefilesd.c
index 8cf9179..94c3bf8 100644
--- a/cachefilesd.c
+++ b/cachefilesd.c
@@ -47,6 +47,7 @@
 #include <time.h>
 #include <poll.h>
 #include <limits.h>
+#include <grp.h>
 #include <sys/inotify.h>
 #include <sys/time.h>
 #include <sys/vfs.h>
@@ -120,6 +121,8 @@ static unsigned long long brun, bcull, bstop, frun, fcull, fstop;
 static unsigned long long b_resume_threshold = ULLONG_MAX;
 static unsigned long long f_resume_threshold = 5;

+static const gid_t group_list[0];
+
 #define cachefd 3

 static __attribute__((noreturn))
@@ -350,6 +353,9 @@ int main(int argc, char *argv[])
 oserror("Unable to get max open files");

 /* become owned by root */
+ if (setgroups(sizeof(group_list) / sizeof(gid_t), group_list) < 0)
+ oserror("Unable to clear the supplementary groups");
+
 if (setresuid(0, 0, 0) < 0)
 oserror("Unable to set UID to 0");

--
Linux-cachefs mailing list
Linux-cachefs@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cachefs
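Review bot: `static const gid_t group_list[0];` in the second hunk is a zero-length array, which is a GNU extension rather than ISO C, and it appears to exist only so that the third hunk can derive a count of 0 from `sizeof(group_list) / sizeof(gid_t)`. The same result needs no dummy object: `if (setgroups(0, NULL) < 0)` is the form the Linux setgroups(2) page gives for dropping all supplementary groups, and it lets the `group_list` declaration be removed. The call is placed ahead of `setresuid()` and its failure goes through `oserror()` like the neighbouring checks, so ordering and error handling need no change. A short comment above the call, for example `/* drop supplementary groups inherited from the caller */`, would keep the existing `/* become owned by root */` comment accurate. main()'s body continues outside the hunk.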