summaryrefslogtreecommitdiff
path: root/src/core
diff options
context:
space:
mode:
authorRonny Chevalier <chevalier.ronny@gmail.com>2015-09-21 15:45:51 +0200
committerRonny Chevalier <chevalier.ronny@gmail.com>2015-09-21 18:14:44 +0200
commit5bc7452b3219456e07f931e40da30bb94a884293 (patch)
tree6d76fb54e5e74c958f81cb2a86528296ef08395d /src/core
parentcc3ddc851fbe5adf9dfc7e4a702a8b5b6a1186d6 (diff)
core: fix group ownership when Group is set
When Group is set in the unit, the runtime directories are owned by this group and not the default group of the user (same for cgroup paths and standard outputs) Fix #1231
Diffstat (limited to 'src/core')
-rw-r--r--src/core/execute.c20
1 files changed, 11 insertions, 9 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index 3c308e3e3e..6e14848cd4 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -629,15 +629,6 @@ static int enforce_groups(const ExecContext *context, const char *username, gid_
* we avoid NSS lookups for gid=0. */
if (context->group || username) {
-
- if (context->group) {
- const char *g = context->group;
-
- r = get_group_creds(&g, &gid);
- if (r < 0)
- return r;
- }
-
/* First step, initialize groups from /etc/groups */
if (username && gid != 0) {
if (initgroups(username, gid) < 0)
@@ -1414,6 +1405,17 @@ static int exec_child(
}
}
+ if (context->group) {
+ const char *g = context->group;
+
+ r = get_group_creds(&g, &gid);
+ if (r < 0) {
+ *exit_status = EXIT_GROUP;
+ return r;
+ }
+ }
+
+
/* If a socket is connected to STDIN/STDOUT/STDERR, we
* must sure to drop O_NONBLOCK */
if (socket_fd >= 0)