This is an additional change to fix up groups for the process before we drop privilege.
From the commit message:
If setresuid(2) is called on its own, the process will still have group
"root", but it should be the group for the user with UID.
Also, setresgid(2) sets the supplementary groups for the process from
the "current set", which is root's set in this case, so change the
current set with initgroups(3) to use UID's supplementary groups.
sofar
commented
10 years ago
This is an additional change to fix up groups for the process before we drop privilege.
From the commit message:
If setresuid(2) is called on its own, the process will still have group "root", but it should be the group for the user with UID.
Also, setresgid(2) sets the supplementary groups for the process from the "current set", which is root's set in this case, so change the current set with initgroups(3) to use UID's supplementary groups.