[CRIU] [PATCH] security: skip obtaining additional groups for root, as they don't matter

Ruslan Kuprieiev kupruser at gmail.com
Wed Aug 6 07:49:22 PDT 2014


As it was reported, some systems don't use /etc/passwd.
On such systems getpwuid fails with undefined errno(see getpwuid(3))
not allowing criu to restrict ids with user additional groups.
Luckily, on such systems criu is run as root, so we can
just skip obtaining additional groups, as they don't matter
for root.

Reported-by: Christopher Covington <cov at codeaurora.org>
Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
---
 security.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/security.c b/security.c
index 9cb70ab..a801005 100644
--- a/security.c
+++ b/security.c
@@ -36,6 +36,10 @@ int restrict_uid(unsigned int uid, unsigned int gid)
 	cr_uid = uid;
 	cr_gid = gid;
 
+	/* skip obtaining additional groups for root, as they don't matter */
+	if (cr_uid == 0 && cr_gid == 0)
+		return 0;
+
 	pwd = getpwuid(uid);
 	if (!pwd) {
 		pr_perror("Can't get password file entry");
-- 
1.9.1



More information about the CRIU mailing list