shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-14 04:58:28 +03:00
Code

core: lets apply working directory just after mount namespaces

Browse Source 
This makes applying groups after applying the working directory, this
may allow some flexibility but at same it is not a big deal since we
don't execute or do anything between applying working directory and
droping groups.
This commit is contained in:
Djalal Harouni 2016-10-25 16:24:35 +02:00
parent 2b3c1b9e9d
commit 50b3dfb9d6
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/core/execute.c
View File

@ -2559,6 +2559,13 @@ static int exec_child(
}
}
/* Apply just after mount namespace setup */
r = apply_working_directory(context, params, home, needs_mount_namespace);
if (r < 0) {
*exit_status = EXIT_CHROOT;
return r;
}
/* Drop group as early as possbile */
if ((params->flags & EXEC_APPLY_PERMISSIONS) && !command->privileged) {
r = enforce_groups(context, gid, supplementary_gids, ngids);
@ -2568,12 +2575,6 @@ static int exec_child(
}
}
r = apply_working_directory(context, params, home, needs_mount_namespace);
if (r < 0) {
*exit_status = EXIT_CHROOT;
return r;
}
#ifdef HAVE_SELINUX
if ((params->flags & EXEC_APPLY_PERMISSIONS) &&
mac_selinux_use() &&