Currently, unprivileged processes (without CAP_SETGID) cannot call
setgroups at all. In particular, processes with a set of supplementary
groups cannot further drop permissions without obtaining elevated
permissions first.
Allow unprivileged processes to call setgroups with a subset of their
Currently, unprivileged processes (without CAP_SETGID) cannot call
setgroups at all. In particular, processes with a set of supplementary
groups cannot further drop permissions without obtaining elevated
permissions first.
Allow unprivileged processes to call setgroups with a subset of their
2 matches
Mail list logo