syscall: don't call Setgroups if Credential.Groups is empty Setgroups with zero-length groups is no-op for changing groups and supposed to be used only for determining curent groups length. Also because we deny setgroups by default if use GidMappings we have unnecessary error from that no-op syscall. Change-Id: I8f74fbca9190a3dcbbef1d886c518e01fa05eb62 Reviewed-on: https://go-review.googlesource.com/13938 Reviewed-by: Ian Lance Taylor <iant@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>

commit: 8261c887aaf997655b95591c17b1068bb627dc9d [log] [tgz]
author: Alexander Morozov <lk4d4math@gmail.com> Wed Aug 26 20:45:28 2015 -0700
committer: Ian Lance Taylor <iant@golang.org> Thu Aug 27 16:08:01 2015 +0000
tree: 84765a0389d3e7697fcb024af30fe043e700423d
parent: b55c4a0c540f164687bcceeb50d07397b5e098be [diff] [blame]
diff --git a/src/syscall/exec_linux_test.go b/src/syscall/exec_linux_test.go
index 60d2734..8c87736 100644
--- a/src/syscall/exec_linux_test.go
+++ b/src/syscall/exec_linux_test.go

@@ -109,3 +109,11 @@
 		t.Fatalf("Unprivileged gid_map rewriting with GidMappingsEnableSetgroups must fail")
 	}
 }
+
+func TestEmptyCredGroupsDisableSetgroups(t *testing.T) {
+	cmd := whoamiCmd(t, os.Getuid(), os.Getgid(), false)
+	cmd.SysProcAttr.Credential = &syscall.Credential{}
+	if err := cmd.Run(); err != nil {
+		t.Fatal(err)
+	}
+}
commit	8261c887aaf997655b95591c17b1068bb627dc9d	[log] [tgz]
author	Alexander Morozov <lk4d4math@gmail.com>	Wed Aug 26 20:45:28 2015 -0700
committer	Ian Lance Taylor <iant@golang.org>	Thu Aug 27 16:08:01 2015 +0000
tree	84765a0389d3e7697fcb024af30fe043e700423d
parent	b55c4a0c540f164687bcceeb50d07397b5e098be [diff] [blame]