From 88acea0899aaa304784a1e6c4ab72480dc3e874b Mon Sep 17 00:00:00 2001
From: Simon Fels <morphis@gravedo.de>
Date: Mon, 20 Jun 2016 08:27:37 +0200
Subject: [PATCH] Unset any groups when entering the container

---
 src/anbox/container_connector.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/anbox/container_connector.cpp b/src/anbox/container_connector.cpp
index 2d832c5..cb02454 100644
--- a/src/anbox/container_connector.cpp
+++ b/src/anbox/container_connector.cpp
@@ -30,6 +30,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <grp.h>
 
 namespace fs = boost::filesystem;
 
@@ -75,6 +76,7 @@ int ContainerConnector::run(const std::string &path) {
 
         setuid(0);
         setgid(0);
+        setgroups(0, nullptr);
 
         chdir("/");
     });