From 420e914c4cc4c2ba34fd75790ea194d7f4a47d2c Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 29 Jul 2021 11:50:48 +0200
Subject: [PATCH] libmount: fix setgroups() use

* keep process in single supplementary group, which is the real group ID for the process

* make sure we have rights to call setgroups(), requires group permissions

Fixes: https://github.com/karelzak/util-linux/issues/1398
Signed-off-by: Karel Zak <kzak@redhat.com>
---
 include/c.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/include/c.h b/include/c.h
index c1e4c5ffc..a4504e3ba 100644
--- a/include/c.h
+++ b/include/c.h
@@ -340,14 +340,16 @@ static inline size_t get_hostname_max(void)
 
 static inline int drop_permissions(void)
 {
+	gid_t newgid = getgid();
+
 	errno = 0;
 
 	/* drop supplementary groups */
-	if (setgroups(0, NULL) != 0)
+	if (geteuid() == 0 && setgroups(1, &newgid) != 0)
 		goto fail;
 
 	/* drop GID */
-	if (setgid(getgid()) < 0)
+	if (setgid(newgid) < 0)
 		goto fail;
 
 	/* drop UID */