ilyakooo0/nix-bundle
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nix-bundle.git synced 2024-09-11 06:55:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

dont leak the /proc/self/setgroups fd

Browse Source
This commit is contained in:
Michael Bishop 2018-04-05 15:24:19 -03:00
parent 5e49fbc4a0
commit 8a344343ba
No known key found for this signature in database
GPG Key ID: C294FC1A485A409A
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nix-user-chroot/main.cpp
View File

@ -202,6 +202,7 @@ int main(int argc, char *argv[]) {
int fd_setgroups = open("/proc/self/setgroups", O_WRONLY);
if (fd_setgroups > 0) {
write(fd_setgroups, "deny", 4);
close(fd_setgroups);
}
// map the original uid/gid in the new ns