Merge pull request #3 from mialinx/master

Reduce privileges during Reborn, not StartProcess
sevlyar · Jan 15, 2015 · 8fe5849 · 8fe5849
2 parents d4be9dc + e518691
commit 8fe5849
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/daemon_posix.go b/daemon_posix.go
@@ -109,8 +109,6 @@ func (d *Context) parent() (child *os.Process, err error) {
 		Env:   d.Env,
 		Files: d.files(),
 		Sys: &syscall.SysProcAttr{
-			//Chroot:     d.Chroot,
-			Credential: d.Credential,
 			Setsid:     true,
 		},
 	}
@@ -249,6 +247,16 @@ func (d *Context) child() (err error) {
 	if len(d.Chroot) > 0 {
 		err = syscall.Chroot(d.Chroot)
 	}
+	if d.Credential.Gid > 0 {
+		if err = syscall.Setgid(int(d.Credential.Gid)); err != nil {
+			return
+		}
+	}
+	if d.Credential.Uid > 0 {
+		if err = syscall.Setuid(int(d.Credential.Uid)); err != nil {
+			return
+		}
+	}
 
 	return
 }