diff options
author | Djalal Harouni <tixxdz@opendz.org> | 2016-10-21 22:22:56 +0200 |
---|---|---|
committer | Djalal Harouni <tixxdz@opendz.org> | 2016-10-23 23:27:20 +0200 |
commit | 8b6903ad4d0dc94cd0098f453a4ea8ab24a4a3f7 (patch) | |
tree | 1d7852d06ebcfb39f5132eb28d8bb3c3ca4e5beb | |
parent | bf9ace96fc764fb6c795790a5febade4689f9aba (diff) |
core: lets move the setup of working directory before group enforce
This is minor but lets try to split and move bit by bit cgroups and
portable environment setup before applying the security context.
-rw-r--r-- | src/core/execute.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/core/execute.c b/src/core/execute.c index 874f035b2e..a9b2b8f299 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -2632,6 +2632,13 @@ static int exec_child( } } + if (context->working_directory_home) + wd = home; + else if (context->working_directory) + wd = context->working_directory; + else + wd = "/"; + /* Drop group as early as possbile */ if ((params->flags & EXEC_APPLY_PERMISSIONS) && !command->privileged) { r = enforce_groups(context, gid, supplementary_gids, ngids); @@ -2641,13 +2648,6 @@ static int exec_child( } } - if (context->working_directory_home) - wd = home; - else if (context->working_directory) - wd = context->working_directory; - else - wd = "/"; - if (params->flags & EXEC_APPLY_CHROOT) { if (!needs_mount_namespace && context->root_directory) if (chroot(context->root_directory) < 0) { |