Check for negative gid

crosbymichael · crosbymichael · commit 5f9284cb98ca · 2017-10-11T11:10:12.000-04:00
Signed-off-by: Michael Crosby &lt;crosbymichael@gmail.com&gt;
diff --git a/exec.go b/exec.go
@@ -213,6 +213,9 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) {
 		p.User.UID = uint32(uid)
 	}
 	for _, gid := range context.Int64Slice("additional-gids") {
+		if gid < 0 {
+			return nil, fmt.Errorf("additional-gids must be a positive number %d", gid)
+		}
 		p.User.AdditionalGids = append(p.User.AdditionalGids, uint32(gid))
 	}
 	return p, nil
diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats
@@ -114,6 +114,8 @@ function teardown() {
 }
 
 @test "runc exec --additional-gids" {
+  requires root
+
   # run busybox detached
   runc run -d --console-socket $CONSOLE_SOCKET test_busybox
   [ "$status" -eq 0 ]

Original file line number	Diff line number	Diff line change
`@@ -213,6 +213,9 @@ func getProcess(context cli.Context, bundle string) (specs.Process, error) {`
`213`	`213`	`p.User.UID = uint32(uid)`
`214`	`214`	`}`
`215`	`215`	`for _, gid := range context.Int64Slice("additional-gids") {`
	`216`	`+ if gid < 0 {`
	`217`	`+ return nil, fmt.Errorf("additional-gids must be a positive number %d", gid)`
	`218`	`+ }`
`216`	`219`	`p.User.AdditionalGids = append(p.User.AdditionalGids, uint32(gid))`
`217`	`220`	`}`
`218`	`221`	`return p, nil`
Original file line number	Diff line number	Diff line change
`@@ -114,6 +114,8 @@ function teardown() {`
`114`	`114`	`}`
`115`	`115`
`116`	`116`	`@test "runc exec --additional-gids" {`
	`117`	`+ requires root`
	`118`	`+`
`117`	`119`	`# run busybox detached`
`118`	`120`	`runc run -d --console-socket $CONSOLE_SOCKET test_busybox`
`119`	`121`	`[ "$status" -eq 0 ]`