SimpleUserLock::getSupplementaryGIDs(): Filter out main gid

This avoids having the user's gid in the supplementary group list as
well.
Eelco Dolstra 2022-11-22 09:03:30 +01:00
parent b37c2d84b6
commit 3d23b9d032


@ -71,21 +71,22 @@ struct SimpleUserLock : UserLock
user. This is usually either empty or contains a user. This is usually either empty or contains a
group such as "kvm". */ group such as "kvm". */
int ngroups = 32; // arbitrary initial guess int ngroups = 32; // arbitrary initial guess
lock->supplementaryGIDs.resize(ngroups); std::vector<gid_t> gids;
gids.resize(ngroups);
int err = getgrouplist( int err = getgrouplist(
pw->pw_name, pw->pw_gid, pw->pw_name, pw->pw_gid,
lock->supplementaryGIDs.data(), gids.data(),
&ngroups); &ngroups);
/* Our initial size of 32 wasn't sufficient, the /* Our initial size of 32 wasn't sufficient, the
correct size has been stored in ngroups, so we try correct size has been stored in ngroups, so we try
again. */ again. */
if (err == -1) { if (err == -1) {
lock->supplementaryGIDs.resize(ngroups); gids.resize(ngroups);
err = getgrouplist( err = getgrouplist(
pw->pw_name, pw->pw_gid, pw->pw_name, pw->pw_gid,
lock->supplementaryGIDs.data(), gids.data(),
&ngroups); &ngroups);
} }
@ -94,7 +95,9 @@ struct SimpleUserLock : UserLock
throw Error("failed to get list of supplementary groups for '%s'", pw->pw_name); throw Error("failed to get list of supplementary groups for '%s'", pw->pw_name);
// Finally, trim back the GID list to its real size. // Finally, trim back the GID list to its real size.
lock->supplementaryGIDs.resize(ngroups); for (auto i = 0; i < ngroups; i++)
if (gids[i] != lock->gid)
lock->supplementaryGIDs.push_back(gids[i]);
#endif #endif
return lock; return lock;
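Review bot: The comment `// Finally, trim back the GID list to its real size.` kept above the new loop is stale, because the loop no longer resizes anything: it copies the first `ngroups` entries of `gids` into `lock->supplementaryGIDs` and skips the primary gid. I would replace it with `// Copy the groups getgrouplist() returned, leaving out the user's primary gid.` The filter compares against `lock->gid` while `getgrouplist()` was given `pw->pw_gid`; the assignment of `lock->gid` is outside the visible hunks, so it is worth confirming the two are always equal here, or comparing with `pw->pw_gid` directly so the primary gid cannot end up in the supplementary list. The loop also appends with `push_back`, which presumably relies on `lock->supplementaryGIDs` being empty at this point. The enclosing function begins and ends outside the hunks.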