Blame slurm_salloc_setgroups.patch
|
Philip Kovacs |
f7f253 |
--- slurm-17.02.7/src/salloc/salloc.c.old 2017-10-05 13:25:52.403682572 -0400
|
|
Philip Kovacs |
f7f253 |
+++ slurm-17.02.7/src/salloc/salloc.c 2017-10-05 13:29:52.913975815 -0400
|
|
Philip Kovacs |
f7f253 |
@@ -333,8 +333,13 @@
|
|
Philip Kovacs |
f7f253 |
sleep (++retries);
|
|
Philip Kovacs |
f7f253 |
}
|
|
Philip Kovacs |
f7f253 |
|
|
Philip Kovacs |
f7f253 |
- /* become the user after the allocation has been requested. */
|
|
Philip Kovacs |
f7f253 |
- if (opt.uid != (uid_t) -1) {
|
|
Philip Kovacs |
f7f253 |
+ /* If the requested uid is different than ours, become that uid */
|
|
Philip Kovacs |
f7f253 |
+ if ((getuid() != opt.uid) && (opt.uid != (uid_t) -1)) {
|
|
Philip Kovacs |
f7f253 |
+ /* drop extended groups before changing uid/gid */
|
|
Philip Kovacs |
f7f253 |
+ if ((setgroups(0, NULL) < 0)) {
|
|
Philip Kovacs |
f7f253 |
+ error("setgroups: %m");
|
|
Philip Kovacs |
f7f253 |
+ exit(error_exit);
|
|
Philip Kovacs |
f7f253 |
+ }
|
|
Philip Kovacs |
f7f253 |
if (setuid(opt.uid) < 0) {
|
|
Philip Kovacs |
f7f253 |
error("setuid: %m");
|
|
Philip Kovacs |
f7f253 |
exit(error_exit);
|