mirror of
https://github.com/systemd/systemd.git
synced 2025-01-10 05:18:17 +03:00
execute: setup namespace after doing NSS calls
parent
df1f0afe0c
commit
04aa0cb9c4
@ -914,19 +914,6 @@ int exec_spawn(ExecCommand *command,
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (strv_length(context->read_write_dirs) > 0 ||
|
||||
strv_length(context->read_only_dirs) > 0 ||
|
||||
strv_length(context->inaccessible_dirs) > 0 ||
|
||||
context->mount_flags != MS_SHARED ||
|
||||
context->private_tmp)
|
||||
if ((r = setup_namespace(
|
||||
context->read_write_dirs,
|
||||
context->read_only_dirs,
|
||||
context->inaccessible_dirs,
|
||||
context->private_tmp,
|
||||
context->mount_flags)) < 0)
|
||||
goto fail;
|
||||
|
||||
if (context->user) {
|
||||
username = context->user;
|
||||
if (get_user_creds(&username, &uid, &gid, &home) < 0) {
|
||||
@ -949,6 +936,19 @@ int exec_spawn(ExecCommand *command,
|
||||
|
||||
umask(context->umask);
|
||||
|
||||
if (strv_length(context->read_write_dirs) > 0 ||
|
||||
strv_length(context->read_only_dirs) > 0 ||
|
||||
strv_length(context->inaccessible_dirs) > 0 ||
|
||||
context->mount_flags != MS_SHARED ||
|
||||
context->private_tmp)
|
||||
if ((r = setup_namespace(
|
||||
context->read_write_dirs,
|
||||
context->read_only_dirs,
|
||||
context->inaccessible_dirs,
|
||||
context->private_tmp,
|
||||
context->mount_flags)) < 0)
|
||||
goto fail;
|
||||
|
||||
if (apply_chroot) {
|
||||
if (context->root_directory)
|
||||
if (chroot(context->root_directory) < 0) {
|
||||
|
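Review bot: The relocated `setup_namespace()` block in the second hunk has no comment explaining its position, although the ordering is the whole point of the commit. It now runs after `get_user_creds()` (first hunk) and after `umask(context->umask)`, and before the `apply_chroot` block. I would put a comment above the condition, such as `/* Set up the namespace only after the NSS lookups above (get_user_creds()), which may need paths the namespace hides; keep this ahead of chroot(). */`, so a later reshuffle of `exec_spawn` does not silently undo it. Because the call now executes under the unit's configured umask, please confirm that anything `setup_namespace()` creates (presumably a directory for `private_tmp`) has its mode set explicitly rather than inherited; its body is not visible here. `exec_spawn` begins and ends outside both hunks, so the position relative to any later credential drop cannot be checked from this page.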