@@ -191,26 +191,62 @@ static int hyper_setup_exec_user(struct hyper_exec *exec)
191191 char * user = exec -> user == NULL || strlen (exec -> user ) == 0 ? NULL : exec -> user ;
192192 char * group = exec -> group == NULL || strlen (exec -> group ) == 0 ? NULL : exec -> group ;
193193
194+ uid_t uid = 0 ;
195+ gid_t gid = 0 ;
196+ int ngroups ;
197+ gid_t * reallocgroups , * groups = NULL ;
198+
194199 // check the config
195- if (!user ) {
196- if (group || exec -> nr_additional_groups > 0 ) {
197- fprintf (stderr , "group or additional groups can only be set when user is set\n" );
198- return -1 ;
199- }
200+ if (!user && !group && exec -> nr_additional_groups == 0 ) {
200201 return 0 ;
201202 }
202203
203204 // get uid
204- fprintf (stdout , "try to find the user: %s\n" , user );
205- struct passwd * pwd = hyper_getpwnam (user );
206- if (pwd == NULL ) {
207- perror ("can't find the user" );
208- return -1 ;
205+ if (user ) {
206+ fprintf (stdout , "try to find the user: %s\n" , user );
207+ struct passwd * pwd = hyper_getpwnam (user );
208+ if (pwd == NULL ) {
209+ perror ("can't find the user" );
210+ return -1 ;
211+ }
212+ uid = pwd -> pw_uid ;
213+ gid = pwd -> pw_gid ;
214+
215+ // get groups of user
216+ groups = malloc (sizeof (gid_t ) * 10 );
217+ if (groups == NULL ) {
218+ goto fail ;
219+ }
220+ if (hyper_getgrouplist (pwd -> pw_name , gid , groups , & ngroups ) < 0 ) {
221+ reallocgroups = realloc (groups , sizeof (gid_t ) * ngroups );
222+ if (reallocgroups == NULL ) {
223+ goto fail ;
224+ }
225+ groups = reallocgroups ;
226+ if (hyper_getgrouplist (pwd -> pw_name , gid , groups , & ngroups ) < 0 ) {
227+ goto fail ;
228+ }
229+ }
230+
231+ // set user related envs. the container env config can overwrite it
232+ setenv ("USER" , pwd -> pw_name , 1 );
233+ setenv ("HOME" , pwd -> pw_dir , 1 );
234+ } else {
235+ ngroups = getgroups (0 , NULL );
236+ if (ngroups < 0 ) {
237+ goto fail ;
238+ }
239+ groups = malloc (sizeof (gid_t ) * ngroups );
240+ if (groups == NULL ) {
241+ goto fail ;
242+ }
243+ ngroups = getgroups (ngroups , groups );
244+ if (ngroups < 0 ) {
245+ goto fail ;
246+ }
209247 }
210- uid_t uid = pwd -> pw_uid ;
211248
212249 // get gid
213- gid_t gid = pwd -> pw_gid ;
214250 if (group ) {
215251 fprintf (stdout , "try to find the group: %s\n" , group );
216252 struct group * gr = hyper_getgrnam (group );
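Review bot: `ngroups` is read uninitialized at the first `hyper_getgrouplist (pwd -> pw_name , gid , groups , & ngroups )` call: the new declaration `int ngroups ;` replaced the removed `int i , ngroups = 10 ;`, so the capacity passed for the 10-element `groups` buffer is indeterminate, and if the helper follows getgrouplist() semantics an out-of-range value lets it write past the allocation. Initialise it with the buffer, `int ngroups = 10;`, and size the allocation from it, `groups = malloc(sizeof(gid_t) * ngroups);`, so the two cannot drift apart. Separately, the list is now built from `pwd -> pw_gid` before the `group` override below, whereas the removed code passed the overridden `gid`; if the list is later applied with setgroups(), the user's primary group stays in the supplementary set even when a different group was requested, which is worth confirming as intended. In the `else` branch, `getgroups (0 , NULL )` may return 0, so `malloc (sizeof (gid_t ) * ngroups )` becomes `malloc(0)`, whose NULL return is implementation-defined and would send a process with no supplementary groups down the `fail` path. The function's `fail:` cleanup lies outside this hunk.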
@@ -221,19 +257,8 @@ static int hyper_setup_exec_user(struct hyper_exec *exec)
221257 gid = gr -> gr_gid ;
222258 }
223259
224- // get all gids
225- int i , ngroups = 10 ;
226- gid_t * reallocgroups , * groups = malloc (sizeof (gid_t ) * ngroups );
227- if (groups == NULL )
228- goto fail ;
229- if (hyper_getgrouplist (pwd -> pw_name , gid , groups , & ngroups ) < 0 ) {
230- reallocgroups = realloc (groups , sizeof (gid_t ) * ngroups );
231- if (reallocgroups == NULL )
232- goto fail ;
233- groups = reallocgroups ;
234- if (hyper_getgrouplist (pwd -> pw_name , gid , groups , & ngroups ) < 0 )
235- goto fail ;
236- }
260+ // append additional groups to supplementary groups
261+ int i ;
237262 reallocgroups = realloc (groups , sizeof (gid_t ) * (ngroups + exec -> nr_additional_groups ));
238263 if (reallocgroups == NULL )
239264 goto fail ;
@@ -274,10 +299,6 @@ static int hyper_setup_exec_user(struct hyper_exec *exec)
274299 }
275300 free (groups );
276301
277- // set user related envs. the container env config can overwrite it
278- setenv ("USER" , pwd -> pw_name , 1 );
279- setenv ("HOME" , pwd -> pw_dir , 1 );
280-
281302 return 0 ;
282303
283304fail :