security: skip obtaining additional groups for root, as they don't matter

As it was reported, some systems don't use /etc/passwd. On such systems getpwuid fails with undefined errno(see getpwuid(3)) not allowing criu to restrict ids with user additional groups. Luckily, on such systems criu is run as root, so we can just skip obtaining additional groups, as they don't matter for root. Reported-by: Christopher Covington <cov@codeaurora.org> Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com> Tested-by: Christopher Covington <cov@codeaurora.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

security: skip obtaining additional groups for root, as they don't matter
As it was reported, some systems don't use /etc/passwd. On such systems getpwuid fails with undefined errno(see getpwuid(3)) not allowing criu to restrict ids with user additional groups. Luckily, on such systems criu is run as root, so we can just skip obtaining additional groups, as they don't matter for root. Reported-by: Christopher Covington <cov@codeaurora.org> Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com> Tested-by: Christopher Covington <cov@codeaurora.org> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
0628118c · Ruslan Kuprieiev · Pavel Emelyanov · 5289ea97 · 0628118c
Commit 0628118c authored Aug 06, 2014 by Ruslan Kuprieiev Committed by Pavel Emelyanov Aug 06, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

security.c security.c +4 -0

No files found.
--- a/security.c
+++ b/security.c
@@ -36,6 +36,10 @@ int restrict_uid(unsigned int uid, unsigned int gid)
 	cr_uid = uid;
 	cr_gid = gid;
+	/* skip obtaining additional groups for root, as they don't matter */
+	if (cr_uid == 0 && cr_gid == 0)
+		return 0;
 	pwd = getpwuid(uid);
 	if (!pwd) {
 		pr_perror("Can't get password file entry");