summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/core/execute.c22
1 files changed, 9 insertions, 13 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index eef2dacc54..a7e2362236 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1582,18 +1582,15 @@ static int exec_child(
}
}
+ umask(context->umask);
+
if (params->apply_permissions) {
r = enforce_groups(context, username, gid);
if (r < 0) {
*exit_status = EXIT_GROUP;
return r;
}
- }
-
- umask(context->umask);
-
#ifdef HAVE_SMACK
- if (params->apply_permissions) {
if (context->smack_process_label) {
r = mac_smack_apply_pid(0, context->smack_process_label);
if (r < 0) {
@@ -1617,19 +1614,18 @@ static int exec_child(
return r;
}
}
- }
#endif
#endif
-
#ifdef HAVE_PAM
- if (params->apply_permissions && context->pam_name && username) {
- r = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
- if (r < 0) {
- *exit_status = EXIT_PAM;
- return r;
+ if (context->pam_name && username) {
+ r = setup_pam(context->pam_name, username, uid, context->tty_path, &pam_env, fds, n_fds);
+ if (r < 0) {
+ *exit_status = EXIT_PAM;
+ return r;
+ }
}
- }
#endif
+ }
if (context->private_network && runtime && runtime->netns_storage_socket[0] >= 0) {
r = setup_netns(runtime->netns_storage_socket);