user: don't fail on setgroup() if not groups were specified

diff --git a/Makefile b/Makefile
index 156cbcb398e07f2220bc5f074f8d8f571315628d..44f6b18aa6cf609a0afed71714562d7af9ed383e 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -103,7 +103,7 @@ caps.o: caps.h nsjail.h logs.h macros.h util.h
 cgroup.o: cgroup.h nsjail.h logs.h util.h
 cmdline.o: cmdline.h nsjail.h caps.h config.h logs.h macros.h mnt.h user.h
 cmdline.o: util.h
-config.o: caps.h nsjail.h cmdline.h config.h config.pb.h logs.h macros.h
+config.o: config.h nsjail.h caps.h cmdline.h config.pb.h logs.h macros.h
 config.o: mnt.h user.h util.h
 contain.o: contain.h nsjail.h caps.h cgroup.h cpu.h logs.h macros.h mnt.h
 contain.o: net.h pid.h user.h util.h uts.h

diff --git a/config.cc b/config.cc
index 5c50271a4811b6a6febe2b096e56cb4921c20702..7b69e083dc010e9d953e17e4b78c5ecb12186c55 100644 (file)
--- a/config.cc
+++ b/config.cc
@@ -19,7 +19,11 @@
 
 */
 
+#include "config.h"
+
 #include <fcntl.h>
+#include <google/protobuf/io/zero_copy_stream_impl.h>
+#include <google/protobuf/text_format.h>
 #include <stdio.h>
 #include <sys/mount.h>
 #include <sys/personality.h>
@@ -27,15 +31,12 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 
-#include <google/protobuf/io/zero_copy_stream_impl.h>
-#include <google/protobuf/text_format.h>
 #include <fstream>
 #include <string>
 #include <vector>
 
 #include "caps.h"
 #include "cmdline.h"
-#include "config.h"
 #include "config.pb.h"
 #include "logs.h"
 #include "macros.h"

diff --git a/config.proto b/config.proto
index 90091be92fa2bbb40c8b2b3fdf2533ee0eea0d84..836670469827548b4657bde018b31bc145679baa 100644 (file)
--- a/config.proto
+++ b/config.proto
@@ -4,14 +4,14 @@ package nsjail;
 
 enum Mode {
     LISTEN = 0; /* Listening on a TCP port */
-    ONCE = 1;   /* Running the command once only */
-    RERUN = 2;  /* Re-executing the command (forever) */
+    ONCE = 1;  /* Running the command once only */
+    RERUN = 2; /* Re-executing the command (forever) */
     EXECVE = 3; /* Executing command w/o the supervisor */
 }
 /* Should be self explanatory */
 enum LogLevel {
-    DEBUG = 0;   /* Equivalent to the '-v' cmd-line option */
-    INFO = 1;    /* Default level */
+    DEBUG = 0;  /* Equivalent to the '-v' cmd-line option */
+    INFO = 1;   /* Default level */
     WARNING = 2; /* Equivalent to the '-q' cmd-line option */
     ERROR = 3;
     FATAL = 4;

diff --git a/logs.cc b/logs.cc
index 0c1d7061eb465963a31ec3faf7daa33f5706e50d..45a807222d0b77e5ad2aa2a8434efebfb0972c54 100644 (file)
--- a/logs.cc
+++ b/logs.cc
@@ -38,8 +38,6 @@
 #include "macros.h"
 #include "util.h"
 
-#include <string.h>
-
 namespace logs {
 
 static int _log_fd = STDERR_FILENO;

diff --git a/user.cc b/user.cc
index 84ee54cd3eafc7c55bec76476f51387ffb368150..3acf3a663a93166ebea48c983160f8361d6ac1a4 100644 (file)
--- a/user.cc
+++ b/user.cc
@@ -251,8 +251,7 @@ bool initNsFromChild(nsjconf_t* nsjconf) {
                for (auto it = nsjconf->gids.begin() + 1; it != nsjconf->gids.end(); it++) {
                        groups.push_back(it->inside_id);
                        groupsString += std::to_string(it->inside_id);
-                       if (it < nsjconf->gids.end() - 1)
-                               groupsString += ", ";
+                       if (it < nsjconf->gids.end() - 1) groupsString += ", ";
                }
        }
        groupsString += "]";
@@ -264,8 +263,12 @@ bool initNsFromChild(nsjconf_t* nsjconf) {
 
        LOG_D("setgroups(%lu, %s)", groups.size(), groupsString.c_str());
        if (setgroups(groups.size(), groups.data()) == -1) {
+               /* Indicate errror if specific groups were requested */
+               if (groups.size() > 0) {
+                       PLOG_E("setgroups(%lu, %s) failed", groups.size(), groupsString.c_str());
+                       return false;
+               }
                PLOG_D("setgroups(%lu, %s) failed", groups.size(), groupsString.c_str());
-               return false;
        }
 
        if (!setResUid(nsjconf->uids[0].inside_id)) {