lxc-usernsexec: don't fail on setgroups()

We can fail to setgroups() when "deny" has been set which we need to set when we are a fully unprivileged user. Closes: 3420. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
lxc · May 20, 2020 · 158d119 · 158d119
1 parent 7cf6e24
commit 158d119
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/src/lxc/cmd/lxc_usernsexec.c b/src/lxc/cmd/lxc_usernsexec.c
@@ -87,11 +87,11 @@ static int do_child(void *vargv)
 	int ret;
 	char **argv = (char **)vargv;
 
-	/* Assume we want to become root */
-	if (!lxc_switch_uid_gid(0, 0))
+	if (!lxc_setgroups(0, NULL))
 		return -1;
 
-	if (!lxc_setgroups(0, NULL))
+	/* Assume we want to become root */
+	if (!lxc_switch_uid_gid(0, 0))
 		return -1;
 
 	ret = unshare(CLONE_NEWNS);