On 25/11/2025 18:48, Gaspar Ormrod wrote:
> After taking your steps to debug, it just skips the loop entirely. Here's my
> modified code:
>
> /* Debugging for failed test */
> printf("Debugging for chroot-credentials.sh failure...\n");
> if ((uid_set (uid) || groups) && setgroups (n_gids, gids) != 0) {
>    printf("Inside if\n");
>    error (EXIT_CANCELED, errno, _("failed to set supplemental groups"));
> }
> printf("Outside if\n");
>
> And sudo isn't available in the environment, so the output for your command
> without sudo but as root user is:
>
> Debugging for chroot-credentials.sh failure...
> Outside first if
> 0
>
> This means that the condition isn't met and the if block isn't executed. I also tried
> splitting the && operation into two separate if statements (whichever part
> first), but neither of the conditions are met.
>
> Do with this as you will, I don't entirely understand what this means.

It's good that setgroups() is not called here,
as that means the supplementary groups are not cleared by chroot() I think.

All that chroot should be calling is setgid(), and that should leave 
supplementary groups in place.
You could confirm that with some getgroups() calls around the setgid(),
using printf to output the number of supplementary groups before and after.

I suspect something else in your environment is clearing supplementary groups,
like containers or something. What is your host system?

Another thing I'd check is to ensure we're running the GNU coreutils id command,
which you could verify by adding the following to the test script:
  chroot --userspec=:$NON_ROOT_GROUP / id --version
This should be the case unless the id command is not built or the PATH is 
unexpected.

cheers,
Padraig
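
The getgroups()/setgid() check suggested in the message above, written out as a stand-alone program. This is an added example, not code from coreutils or from either poster; the function names are hypothetical, and it assumes it is run as root with the target group ID as its argument (with no argument it uses the current GID, which needs no privilege).

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Number of supplementary groups of this process, or -1 on error.
   A size of 0 makes getgroups() return the count and store nothing. */
static int
count_supplementary_groups (void)
{
  return getgroups (0, NULL);
}

/* Call setgid (gid) and print the supplementary group count before and
   after.  Returns after - before (0 means setgid() left the list alone),
   or INT_MIN if any call failed.  Hypothetical helper for this example. */
static int
setgid_group_delta (gid_t gid)
{
  int before = count_supplementary_groups ();
  if (before < 0)
    {
      perror ("getgroups (before)");
      return INT_MIN;
    }
  if (setgid (gid) != 0)
    {
      perror ("setgid");
      return INT_MIN;
    }
  int after = count_supplementary_groups ();
  if (after < 0)
    {
      perror ("getgroups (after)");
      return INT_MIN;
    }
  printf ("supplementary groups: before=%d after=%d\n", before, after);
  return after - before;
}

int
main (int argc, char **argv)
{
  /* Assumption: argv[1], if given, is a numeric GID such as the test's
     non-root group.  */
  gid_t gid = argc > 1 ? (gid_t) strtoul (argv[1], NULL, 10) : getgid ();
  return setgid_group_delta (gid) == INT_MIN ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

If "before" is already 0 when run as root in the failing environment, the groups were cleared before chroot started; a drop between the two counts would instead point at the setgid() step.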

