Have starter also set supplemental groups We rely on these for resources accessed by some processes. Change-Id: Idf22b6263ebc313c8abb63fe93bce2cc3ef24274 Signed-off-by: James Kuszmaul <james.kuszmaul@bluerivertech.com>

commit: 4ff50278467b57bcaa33d1d052452de8a35f996c [log] [tgz]
author: James Kuszmaul <james.kuszmaul@bluerivertech.com> Fri Jan 07 18:31:13 2022 -0800
committer: James Kuszmaul <james.kuszmaul@bluerivertech.com> Fri Jan 07 18:31:13 2022 -0800
tree: 0c2ed3ab089fabb069ea404ad1f9403f5585ea6f
parent: 2ca441b75270f0d8807c2de328423c1637b36a01 [diff] [blame]
diff --git a/aos/starter/starterd.cc b/aos/starter/starterd.cc
index b40776d..a5a340a 100644
--- a/aos/starter/starterd.cc
+++ b/aos/starter/starterd.cc

@@ -24,6 +24,10 @@
         return 1;
       }
     }
+    // Change the real and effective IDs to the user we're running as. The
+    // effective IDs mean files we access (like shared memory) will happen as
+    // that user. The real IDs allow child processes with an different effective
+    // ID to still participate in signal sending/receiving.
     constexpr int kUnchanged = -1;
     if (setresgid(/* ruid */ gid, /* euid */ gid,
                   /* suid */ kUnchanged) != 0) {
commit	4ff50278467b57bcaa33d1d052452de8a35f996c	[log] [tgz]
author	James Kuszmaul <james.kuszmaul@bluerivertech.com>	Fri Jan 07 18:31:13 2022 -0800
committer	James Kuszmaul <james.kuszmaul@bluerivertech.com>	Fri Jan 07 18:31:13 2022 -0800
tree	0c2ed3ab089fabb069ea404ad1f9403f5585ea6f
parent	2ca441b75270f0d8807c2de328423c1637b36a01 [diff] [blame]