2 files changed, 22 insertions, 0 deletions

diff --git a/support/fuse.h b/support/fuse.h
index 7b246de..f379cc7 100644
--- a/support/fuse.h
+++ b/support/fuse.h
@@ -96,6 +96,7 @@ void *support_fuse_cast_name_internal (struct fuse_in_header *, uint32_t,
 #define support_fuse_payload_type_READ struct fuse_read_in
 #define support_fuse_payload_type_SETATTR struct fuse_setattr_in
 #define support_fuse_payload_type_WRITE struct fuse_write_in
+#define support_fuse_payload_type_COPY_FILE_RANGE struct fuse_copy_file_range_in
 #define support_fuse_cast(typ, inh)                     \
   ((support_fuse_payload_type_##typ *)                  \
    support_fuse_cast_internal ((inh), FUSE_##typ))
diff --git a/support/support_capture_subprocess.c b/support/support_capture_subprocess.c
index b4e4bf9..c89e65b 100644
--- a/support/support_capture_subprocess.c
+++ b/support/support_capture_subprocess.c
@@ -133,6 +133,27 @@ copy_and_spawn_sgid (const char *child_id, gid_t gid)
   if (chmod (execname, 02750) != 0)
     FAIL_UNSUPPORTED ("cannot make \"%s\" SGID: %m ", execname);
 
+  /* Now we can drop the privilege of that group.  */
+  const int count = 64;
+  gid_t groups[count];
+  int ngroups = getgroups(count, groups);
+
+  if (ngroups < 0)
+    FAIL_UNSUPPORTED ("Could not get group list again for user %jd\n",
+		      (intmax_t) getuid ());
+
+  int n = 0;
+  for (int i = 0; i < ngroups; i++)
+    {
+      if (groups[i] != gid)
+	{
+	  if (n != i)
+	    groups[n] = groups[i];
+	  n++;
+	}
+    }
+  setgroups (n, groups);
+
   /* We have the binary, now spawn the subprocess.  Avoid using
      support_subprogram because we only want the program exit status, not the
      contents.  */