test: set /proc/$pid/setgroups to 'deny' before writing to .../gid_map
authorDaniel Mack <daniel@zonque.org>
Fri, 9 Jan 2015 19:09:40 +0000 (20:09 +0100)
committerDaniel Mack <daniel@zonque.org>
Fri, 9 Jan 2015 19:11:18 +0000 (20:11 +0100)
Since Linux 3.19-rc1, it is necessary to disable setgroups permissions
before writing to gid_map. Silently ignore the failure if 'setgroups'
can't be opened or written to.

Signed-off-by: Daniel Mack <daniel@zonque.org>
test/kdbus-util.c

index 07ef85d700f96c8286fefaff76665f17c75109f4..a7ab8c18477bbb24c142730193c7c650492abca9 100644 (file)
@@ -1523,7 +1523,7 @@ int userns_map_uid_gid(pid_t pid,
                       const char *map_uid,
                       const char *map_gid)
 {
-       int ret;
+       int fd, ret;
        char file_id[128] = {'\0'};
 
        snprintf(file_id, sizeof(file_id), "/proc/%ld/uid_map",
@@ -1533,6 +1533,15 @@ int userns_map_uid_gid(pid_t pid,
        if (ret < 0)
                return ret;
 
+       snprintf(file_id, sizeof(file_id), "/proc/%ld/setgroups",
+                (long) pid);
+
+       fd = open(file_id, O_WRONLY);
+       if (fd >= 0) {
+               write(fd, "deny\n", 5);
+               close(fd);
+       }
+
        snprintf(file_id, sizeof(file_id), "/proc/%ld/gid_map",
                 (long) pid);