syscall: don't call Setgroups if Credential.Groups is empty

Setgroups with zero-length groups is no-op for changing groups and supposed to be used only for determining curent groups length. Also because we deny setgroups by default if use GidMappings we have unnecessary error from that no-op syscall. Change-Id: I8f74fbca9190a3dcbbef1d886c518e01fa05eb62 Reviewed-on: https://go-review.googlesource.com/13938 Reviewed-by: Ian Lance Taylor <iant@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
2025-12-08 06:10:04 +00:00 · 2015-08-26 20:45:28 -07:00 · 2015-08-26 20:45:28 -07:00 · 8261c887aa
commit 8261c887aa
parent b55c4a0c54
2 changed files with 13 additions and 6 deletions
--- a/src/syscall/exec_linux.go
+++ b/src/syscall/exec_linux.go
@ -191,13 +191,12 @@ func forkAndExecInChild(argv0 *byte, argv, envv []*byte, chroot, dir *byte, attr
 	// User and groups
 	if cred := sys.Credential; cred != nil {
 		ngroups := uintptr(len(cred.Groups))
-		var groups unsafe.Pointer
 		if ngroups > 0 {
-			groups = unsafe.Pointer(&cred.Groups[0])
-		}
-		_, _, err1 = RawSyscall(SYS_SETGROUPS, ngroups, uintptr(groups), 0)
-		if err1 != 0 {
-			goto childerror
+			groups := unsafe.Pointer(&cred.Groups[0])
+			_, _, err1 = RawSyscall(SYS_SETGROUPS, ngroups, uintptr(groups), 0)
+			if err1 != 0 {
+				goto childerror
+			}
 		}
 		_, _, err1 = RawSyscall(SYS_SETGID, uintptr(cred.Gid), 0, 0)
 		if err1 != 0 {