ilyakooo0/nix-bundle
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nix-bundle.git synced 2024-09-11 06:55:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #32 from input-output-hk/dont-leak-setgroups

Browse Source 
dont leak the /proc/self/setgroups fd
This commit is contained in:
Matthew Justin Bauer 2018-04-05 13:56:41 -05:00 committed by GitHub
commit 107eec3dc9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nix-user-chroot/main.cpp
View File

@ -202,6 +202,7 @@ int main(int argc, char *argv[]) {
int fd_setgroups = open("/proc/self/setgroups", O_WRONLY);
if (fd_setgroups > 0) {
write(fd_setgroups, "deny", 4);
close(fd_setgroups);
}
// map the original uid/gid in the new ns