summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDjalal Harouni <tixxdz@opendz.org>2016-10-21 22:22:56 +0200
committerDjalal Harouni <tixxdz@opendz.org>2016-10-23 23:27:20 +0200
commit8b6903ad4d0dc94cd0098f453a4ea8ab24a4a3f7 (patch)
tree1d7852d06ebcfb39f5132eb28d8bb3c3ca4e5beb
parentbf9ace96fc764fb6c795790a5febade4689f9aba (diff)
core: lets move the setup of working directory before group enforce
This is minor but lets try to split and move bit by bit cgroups and portable environment setup before applying the security context.
-rw-r--r--src/core/execute.c14
1 files changed, 7 insertions, 7 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index 874f035b2e..a9b2b8f299 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2632,6 +2632,13 @@ static int exec_child(
}
}
+ if (context->working_directory_home)
+ wd = home;
+ else if (context->working_directory)
+ wd = context->working_directory;
+ else
+ wd = "/";
+
/* Drop group as early as possbile */
if ((params->flags & EXEC_APPLY_PERMISSIONS) && !command->privileged) {
r = enforce_groups(context, gid, supplementary_gids, ngids);
@@ -2641,13 +2648,6 @@ static int exec_child(
}
}
- if (context->working_directory_home)
- wd = home;
- else if (context->working_directory)
- wd = context->working_directory;
- else
- wd = "/";
-
if (params->flags & EXEC_APPLY_CHROOT) {
if (!needs_mount_namespace && context->root_directory)
if (chroot(context->root_directory) < 0) {