capabilities: initialize supplementary groups only when doing a setuid()
authorMartin Willi <martin@revosec.ch>
Wed, 8 May 2013 12:58:28 +0000 (14:58 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 15 May 2013 15:20:47 +0000 (17:20 +0200)
src/libstrongswan/utils/capabilities.c

index 44a1449..c58ce2f 100644 (file)
@@ -225,7 +225,7 @@ METHOD(capabilities_t, drop, bool,
        prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
 #endif
 
        prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
 #endif
 
-       if (!init_supplementary_groups(this))
+       if (this->uid && !init_supplementary_groups(this))
        {
                DBG1(DBG_LIB, "initializing supplementary groups for %u failed",
                         this->uid);
        {
                DBG1(DBG_LIB, "initializing supplementary groups for %u failed",
                         this->uid);