mirror of
https://github.com/python/cpython.git
synced 2026-06-22 19:12:50 -04:00
Itamar Oren
2ce260033b
The guard that skips the "chown to gid 0 should fail" assertion used only `os.getgroups()` (supplementary groups). The kernel also accepts the effective/filesystem gid for chown, so when a process runs with egid 0 and a non-zero uid (common in containers and user namespaces), chown(-1, 0) succeeds and the assertion spuriously fails. Add an `os.getegid() != 0` check alongside the existing `0 not in os.getgroups()` guard.