From: Jagger
Date: Sun, 28 Feb 2016 01:41:57 +0000 (+0100)
Subject: No need to update /proc/pid/setgroups if euid==0
X-Git-Tag: 1.1~31
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=fb8eb88410c85b1a35e6646fc20b62e13e60d19c;p=platform%2Fupstream%2Fnsjail.git

No need to update /proc/pid/setgroups if euid==0
---
diff --git a/contain.c b/contain.c
index 49503e9..bd9718c 100644
--- a/contain.c
+++ b/contain.c
@@ -47,6 +47,14 @@
 
 static bool containSetGroups(pid_t pid)
 {
+ /*
+ * No need to write 'deny' to /proc/pid/setgroups if our euid==0, as writing to uid_map/gid_map
+ * will succeed anyway
+ */
+ if (geteuid() == 0) {
+ return true;
+ }
+
 char fname[PATH_MAX];
 snprintf(fname, sizeof(fname), "/proc/%d/setgroups", pid);
 const char *denystr = "deny";
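Review bot: The early return in containSetGroups() keys on `geteuid() == 0`, but what lets a gid_map write succeed without 'deny' is CAP_SETGID in the parent user namespace, not the effective uid. A uid-0 process with a reduced capability set, or one that is root only inside another user namespace, would presumably skip this step and then fail at the gid_map write. Skipping the write also leaves setgroups(2) enabled in the new namespace, so the contained process can drop supplementary groups, which matters where group entries are used to deny access. If that is intended, the comment should say so, e.g. `* Note: setgroups(2) stays enabled in the namespace when started as root`; otherwise write 'deny' unconditionally and drop the shortcut. The rest of the function body lies outside the hunk.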