From f506a4c115c44003455cb956861836a46425f97b Mon Sep 17 00:00:00 2001
From: Laine Stump
Date: Thu, 31 Jan 2013 13:18:45 -0500
Subject: [PATCH] util: make virSetUIDGID a NOP only when uid or gid is -1
Rather than treating uid:gid of 0:0 as a NOP, we blindly pass that through to the lower layers. However, we *do* check for a requested value of "-1" to mean "don't change this setting". setregid() and setreuid() already interpret -1 as a NOP, so this is just an optimization, but we are also calling getpwuid_r and initgroups, and it's unclear what the former would do with a uid of -1.
---
 src/util/virutil.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/virutil.c b/src/util/virutil.c
index 24ba954949..0d7db00fc1 100644
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -2687,7 +2687,7 @@ virSetUIDGID(uid_t uid, gid_t gid)
 int err;
 char *buf = NULL;
- if (gid > 0) {
+ if (gid != (gid_t)-1) {
 if (setregid(gid, gid) < 0) {
 virReportSystemError(err = errno,
 _("cannot change to '%d' group"),
@@ -2696,7 +2696,7 @@ virSetUIDGID(uid_t uid, gid_t gid)
 }
 }
- if (uid > 0) {
+ if (uid != (uid_t)-1) {
 # ifdef HAVE_INITGROUPS
 struct passwd pwd, *pwd_result;
 size_t bufsize;
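Review bot: The new test `if (gid != (gid_t)-1)` in the first hunk makes `(gid_t)-1` the only "leave unchanged" value, but nothing in the visible code documents that contract. A caller that still passes 0 for "not configured" now gets a real `setregid(0, 0)`. I would add a comment above the test, e.g. `/* (gid_t)-1 means "keep the current group"; 0 is a real request for gid 0 */`, and repeat the rule in the function's header comment, which lies outside this hunk. The callers are not visible here, so each one should be checked to initialise an unset uid or gid to -1 instead of relying on zero-filled storage. The same applies to the `uid != (uid_t)-1` test in the second hunk.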
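Review bot: In the second hunk the `# ifdef HAVE_INITGROUPS` section opens inside `if (uid != (uid_t)-1)`, so the supplementary-group handling appears to run only when a uid is requested. Now that -1 is the documented "don't change" value, a call with a real gid and a uid of -1 is a supported shape. Such a call would switch the primary group while keeping whatever supplementary groups the process already holds. If that is intended, say so at the top of the block, e.g. `/* supplementary groups are reset only when the uid changes */`; if not, the group reset needs to move out of the uid branch. The initgroups call itself and the rest of this block are outside the hunk, so this should be confirmed against the full function.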