shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-12 09:17:44 +03:00
Code

core: lets move the setup of working directory before group enforce

Browse Source 
This is minor but lets try to split and move bit by bit cgroups and
portable environment setup before applying the security context.
This commit is contained in:
Djalal Harouni 2016-10-21 22:22:56 +02:00
parent bf9ace96fc
commit 8b6903ad4d
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/core/execute.c
View File

@ -2632,6 +2632,13 @@ static int exec_child(
}
}
if (context->working_directory_home)
wd = home;
else if (context->working_directory)
wd = context->working_directory;
else
wd = "/";
/* Drop group as early as possbile */
if ((params->flags & EXEC_APPLY_PERMISSIONS) && !command->privileged) {
r = enforce_groups(context, gid, supplementary_gids, ngids);
@ -2641,13 +2648,6 @@ static int exec_child(
}
}
if (context->working_directory_home)
wd = home;
else if (context->working_directory)
wd = context->working_directory;
else
wd = "/";
if (params->flags & EXEC_APPLY_CHROOT) {
if (!needs_mount_namespace && context->root_directory)
if (chroot(context->root_directory) < 0) {