+ struct passwd *p = NULL;
+ struct group *g = NULL;
+
+ if (opts.capabilities && drop_capabilities(opts.capabilities))
+ exit(EXIT_FAILURE);
+
+ if (opts.no_new_privs && prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
+ ERROR("prctl(PR_SET_NO_NEW_PRIVS) failed: %m\n");
+ exit(EXIT_FAILURE);
+ }
+
+ if (opts.namespace && opts.hostname && strlen(opts.hostname) > 0
+ && sethostname(opts.hostname, strlen(opts.hostname))) {
+ ERROR("sethostname(%s) failed: %m\n", opts.hostname);
+ exit(EXIT_FAILURE);
+ }
+
+ if (opts.namespace && build_jail_fs()) {
+ ERROR("failed to build jail fs\n");
+ exit(EXIT_FAILURE);
+ }
+
+ if (opts.user) {
+ p = getpwnam(opts.user);
+ if (!p) {
+ ERROR("failed to get uid/gid for user %s: %d (%s)\n",
+ opts.user, errno, strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ if (opts.group) {
+ g = getgrnam(opts.group);
+ if (!g) {
+ ERROR("failed to get gid for group %s: %m\n", opts.group);
+ exit(EXIT_FAILURE);
+ }
+ }
+
+ if (p && p->pw_gid && initgroups(opts.user, p->pw_gid)) {
+ ERROR("failed to initgroups() for user %s: %m\n", opts.user);
+ exit(EXIT_FAILURE);
+ }
+
+ if (g && g->gr_gid && setgid(g->gr_gid)) {
+ ERROR("failed to set group id %d: %m\n", g?g->gr_gid:p->pw_gid);
+ exit(EXIT_FAILURE);