diff options
-rw-r--r-- | src/core/execute.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/src/core/execute.c b/src/core/execute.c index 0b6fcc9ac7..a9e39f6fd7 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -2559,6 +2559,13 @@ static int exec_child( } } + /* Apply just after mount namespace setup */ + r = apply_working_directory(context, params, home, needs_mount_namespace); + if (r < 0) { + *exit_status = EXIT_CHROOT; + return r; + } + /* Drop group as early as possbile */ if ((params->flags & EXEC_APPLY_PERMISSIONS) && !command->privileged) { r = enforce_groups(context, gid, supplementary_gids, ngids); @@ -2568,12 +2575,6 @@ static int exec_child( } } - r = apply_working_directory(context, params, home, needs_mount_namespace); - if (r < 0) { - *exit_status = EXIT_CHROOT; - return r; - } - #ifdef HAVE_SELINUX if ((params->flags & EXEC_APPLY_PERMISSIONS) && mac_selinux_use() && |