Commit 6c295a9a authored by Russ Cox's avatar Russ Cox

syscall: for ForkExec on Linux, always use 32-bit setgroups system call

Fixes #17092.

Change-Id: If203d802a919e00594ddc1282782fc59a083fd63
Reviewed-on: https://go-review.googlesource.com/31458Reviewed-by: 's avatarBrad Fitzpatrick <bradfitz@golang.org>
parent f2f8d58b
...@@ -214,7 +214,7 @@ func forkAndExecInChild(argv0 *byte, argv, envv []*byte, chroot, dir *byte, attr ...@@ -214,7 +214,7 @@ func forkAndExecInChild(argv0 *byte, argv, envv []*byte, chroot, dir *byte, attr
// and disabled setgroups, because otherwise unprivileged user namespace // and disabled setgroups, because otherwise unprivileged user namespace
// will fail with any non-empty SysProcAttr.Credential. // will fail with any non-empty SysProcAttr.Credential.
if !(sys.GidMappings != nil && !sys.GidMappingsEnableSetgroups && ngroups == 0) { if !(sys.GidMappings != nil && !sys.GidMappingsEnableSetgroups && ngroups == 0) {
_, _, err1 = RawSyscall(SYS_SETGROUPS, ngroups, groups, 0) _, _, err1 = RawSyscall(_SYS_setgroups, ngroups, groups, 0)
if err1 != 0 { if err1 != 0 {
goto childerror goto childerror
} }
......
...@@ -10,8 +10,9 @@ package syscall ...@@ -10,8 +10,9 @@ package syscall
import "unsafe" import "unsafe"
const ( const (
_SYS_dup = SYS_DUP2 _SYS_dup = SYS_DUP2
_SYS_getdents = SYS_GETDENTS64 _SYS_getdents = SYS_GETDENTS64
_SYS_setgroups = SYS_SETGROUPS32
) )
func setTimespec(sec, nsec int64) Timespec { func setTimespec(sec, nsec int64) Timespec {
......
...@@ -5,8 +5,9 @@ ...@@ -5,8 +5,9 @@
package syscall package syscall
const ( const (
_SYS_dup = SYS_DUP2 _SYS_dup = SYS_DUP2
_SYS_getdents = SYS_GETDENTS64 _SYS_getdents = SYS_GETDENTS64
_SYS_setgroups = SYS_SETGROUPS
) )
//sys Dup2(oldfd int, newfd int) (err error) //sys Dup2(oldfd int, newfd int) (err error)
......
...@@ -7,8 +7,9 @@ package syscall ...@@ -7,8 +7,9 @@ package syscall
import "unsafe" import "unsafe"
const ( const (
_SYS_dup = SYS_DUP2 _SYS_dup = SYS_DUP2
_SYS_getdents = SYS_GETDENTS64 _SYS_getdents = SYS_GETDENTS64
_SYS_setgroups = SYS_SETGROUPS32
) )
func setTimespec(sec, nsec int64) Timespec { func setTimespec(sec, nsec int64) Timespec {
......
...@@ -5,8 +5,9 @@ ...@@ -5,8 +5,9 @@
package syscall package syscall
const ( const (
_SYS_dup = SYS_DUP3 _SYS_dup = SYS_DUP3
_SYS_getdents = SYS_GETDENTS64 _SYS_getdents = SYS_GETDENTS64
_SYS_setgroups = SYS_SETGROUPS
) )
//sys Fchown(fd int, uid int, gid int) (err error) //sys Fchown(fd int, uid int, gid int) (err error)
......
...@@ -15,7 +15,8 @@ const ( ...@@ -15,7 +15,8 @@ const (
// to support older kernels, we have to use getdents for mips64. // to support older kernels, we have to use getdents for mips64.
// Also note that struct dirent is different for these two. // Also note that struct dirent is different for these two.
// Lookup linux_dirent{,64} in kernel source code for details. // Lookup linux_dirent{,64} in kernel source code for details.
_SYS_getdents = SYS_GETDENTS _SYS_getdents = SYS_GETDENTS
_SYS_setgroups = SYS_SETGROUPS
) )
//sys Dup2(oldfd int, newfd int) (err error) //sys Dup2(oldfd int, newfd int) (err error)
......
...@@ -8,8 +8,9 @@ ...@@ -8,8 +8,9 @@
package syscall package syscall
const ( const (
_SYS_dup = SYS_DUP2 _SYS_dup = SYS_DUP2
_SYS_getdents = SYS_GETDENTS64 _SYS_getdents = SYS_GETDENTS64
_SYS_setgroups = SYS_SETGROUPS
) )
//sys Dup2(oldfd int, newfd int) (err error) //sys Dup2(oldfd int, newfd int) (err error)
......
...@@ -7,8 +7,9 @@ package syscall ...@@ -7,8 +7,9 @@ package syscall
import "unsafe" import "unsafe"
const ( const (
_SYS_dup = SYS_DUP2 _SYS_dup = SYS_DUP2
_SYS_getdents = SYS_GETDENTS64 _SYS_getdents = SYS_GETDENTS64
_SYS_setgroups = SYS_SETGROUPS
) )
//sys Dup2(oldfd int, newfd int) (err error) //sys Dup2(oldfd int, newfd int) (err error)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment