Do not switch to root for lxc-execute

Signed-off-by: Patrick Toomey <ptoomey3@biasedcoin.com>
lxc · Aug 28, 2015 · e06155c · e06155c
1 parent 814d049
commit e06155c
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/lxc/start.c b/src/lxc/start.c
@@ -664,9 +664,10 @@ static int do_start(void *data)
 
 	/*
 	 * if we are in a new user namespace, become root there to have
-	 * privilege over our namespace
+	 * privilege over our namespace. We don't become root for lxc-execute, as
+	 * the intent is to execute a command as the original user.
 	 */
-	if (!lxc_list_empty(&handler->conf->id_map)) {
+	if (!handler->conf->is_execute && !lxc_list_empty(&handler->conf->id_map)) {
 		NOTICE("switching to gid/uid 0 in new user namespace");
 		if (setgid(0)) {
 			SYSERROR("setgid");