Check the return value from DropRoot()

Unlike the other brillo::Minijail methods, this one can fail if the
username lookup does not succeed.


Change-Id: Id1d5059fb155c1a227033af0eba837ab37e96fe9
Commit-Ready: Kevin Cernekee <>
Tested-by: Kevin Cernekee <>
Reviewed-by: Mattias Nissler <>
Reviewed-by: Jorge Lucangeli Obes <>
diff --git a/ b/
index 992df58..93d2f95 100644
--- a/
+++ b/
@@ -475,7 +475,7 @@
 #if !defined(__ANDROID__)
   // TODO(garnold) This needs to be re-enabled once we figure out which
   // unprivileged user we want to use.
-  m->DropRoot(jail, kUnprivilegedUser, kUnprivilegedUser);
+  CHECK(m->DropRoot(jail, kUnprivilegedUser, kUnprivilegedUser));
 #endif  // __ANDROID__
   m->UseCapabilities(jail, capmask);