diff options
| author | Evgeny Vereshchagin <evvers@ya.ru> | 2016-09-28 04:50:30 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-09-28 04:50:30 +0300 |
| commit | cc238590e472e8bbba6da262ac985ea59ad52c72 (patch) | |
| tree | fc9754e546ccb3a6355bd4157bc590ab93478469 /src/run/run.c | |
| parent | b8fafaf4a1cffd02389d61ed92ca7acb1b8c739c (diff) | |
| parent | cdfbd1fb26eb75fe6beca47dce7e5e348b077d97 (diff) | |
Merge pull request #4185 from endocode/djalal-sandbox-first-protection-v1
core:sandbox: Add new ProtectKernelTunables=, ProtectControlGroups=, ProtectSystem=strict and fixes
Diffstat (limited to 'src/run/run.c')
| -rw-r--r-- | src/run/run.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/src/run/run.c b/src/run/run.c index 2dd229868c..81b53fdfab 100644 --- a/src/run/run.c +++ b/src/run/run.c @@ -1168,17 +1168,21 @@ static int start_transient_scope( uid_t uid; gid_t gid; - r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell); + r = get_user_creds_clean(&arg_exec_user, &uid, &gid, &home, &shell); if (r < 0) return log_error_errno(r, "Failed to resolve user %s: %m", arg_exec_user); - r = strv_extendf(&user_env, "HOME=%s", home); - if (r < 0) - return log_oom(); + if (home) { + r = strv_extendf(&user_env, "HOME=%s", home); + if (r < 0) + return log_oom(); + } - r = strv_extendf(&user_env, "SHELL=%s", shell); - if (r < 0) - return log_oom(); + if (shell) { + r = strv_extendf(&user_env, "SHELL=%s", shell); + if (r < 0) + return log_oom(); + } r = strv_extendf(&user_env, "USER=%s", arg_exec_user); if (r < 0) |