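// ensureNoPrivs verifies that a preceding privilege drop actually took effect
// and cannot be undone. It returns nil only when every check passes.
//
// The checks run in this order:
//
//  1. isRoot() must report false.
//  2. setuid.Setuid(0) must fail.
//  3. setuid.Setgid(0) must fail.
//  4. caps.HaveAny() must report false.
//
// Checks 2 and 3 are active probes rather than passive reads: they try to
// regain ID 0 and treat success as the failure case. If one of them does
// succeed, the process has presumably just re-acquired that ID, so callers
// should treat any non-nil error from this function as fatal and not keep
// running.
func ensureNoPrivs() error {
	if isRoot() {
		// isRoot is expected to report true when a UID/GID is zero, so the
		// failure here is a remaining *zero* ID. The previous message said
		// "non-zero", which described the opposite condition.
		return errors.New("still have zero UID or GID")
	}

	// A fully dropped process must not be able to switch back to UID 0.
	if err := setuid.Setuid(0); err == nil {
		return errors.New("Can't drop privileges - setuid(0) still succeeded")
	}

	// Same probe for the group ID.
	if err := setuid.Setgid(0); err == nil {
		return errors.New("Can't drop privileges - setgid(0) still succeeded")
	}

	// A non-zero UID/GID is not sufficient on its own: any remaining
	// capabilities still count as retained privilege.
	if caps.HaveAny() {
		return errors.New("Still have some capabilities after attempting to drop them")
	}

	return nil
}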
// Returns true if either or both of the following are true: // // Any of the UID, EUID, GID or EGID are zero. // // On supported platforms which support capabilities (currently Linux), any // capabilities are present. func IsRoot() bool { return caps.HaveAny() || isRoot() }