Add comment
This commit is contained in:
parent
2d801bf0a4
commit
786ee585b8
1 changed files with 2 additions and 1 deletions
|
@ -2165,7 +2165,8 @@ void DerivationGoal::startBuilder()
|
||||||
namespace, we can't drop additional groups; they will
|
namespace, we can't drop additional groups; they will
|
||||||
be mapped to nogroup in the child namespace. There does
|
be mapped to nogroup in the child namespace. There does
|
||||||
not seem to be a workaround for this. (But who can tell
|
not seem to be a workaround for this. (But who can tell
|
||||||
from reading user_namespaces(7)?)*/
|
from reading user_namespaces(7)?)
|
||||||
|
See also https://lwn.net/Articles/621612/. */
|
||||||
if (getuid() == 0 && setgroups(0, 0) == -1)
|
if (getuid() == 0 && setgroups(0, 0) == -1)
|
||||||
throw SysError("setgroups failed");
|
throw SysError("setgroups failed");
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue