summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/core/execute.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index 0b6fcc9ac7..a9e39f6fd7 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2559,6 +2559,13 @@ static int exec_child(
}
}
+ /* Apply just after mount namespace setup */
+ r = apply_working_directory(context, params, home, needs_mount_namespace);
+ if (r < 0) {
+ *exit_status = EXIT_CHROOT;
+ return r;
+ }
+
/* Drop group as early as possbile */
if ((params->flags & EXEC_APPLY_PERMISSIONS) && !command->privileged) {
r = enforce_groups(context, gid, supplementary_gids, ngids);
@@ -2568,12 +2575,6 @@ static int exec_child(
}
}
- r = apply_working_directory(context, params, home, needs_mount_namespace);
- if (r < 0) {
- *exit_status = EXIT_CHROOT;
- return r;
- }
-
#ifdef HAVE_SELINUX
if ((params->flags & EXEC_APPLY_PERMISSIONS) &&
mac_selinux_use() &&