execute: don't invoke pam_setcred, since we are not running on a tty where the user...
[elogind.git] / src / execute.c
index 6f0f5d09d96b551239e7707d71290305ee825026..1a5f09d324d6f12d47a7c08bfa1c2432bdfda079 100644 (file)
@@ -817,9 +817,6 @@ static int setup_pam(
 
         close_session = true;
 
-        if ((pam_code = pam_setcred(handle, PAM_ESTABLISH_CRED | PAM_SILENT)) != PAM_SUCCESS)
-                goto fail;
-
         if ((!(e = pam_getenvlist(handle)))) {
                 pam_code = PAM_BUF_ERR;
                 goto fail;
@@ -886,7 +883,7 @@ static int setup_pam(
          * cleanups, so forget about the handle here. */
         handle = NULL;
 
-        /* Unblock SIGSUR1 again in the parent */
+        /* Unblock SIGTERM again in the parent */
         if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0)
                 goto fail;
 
@@ -1255,6 +1252,14 @@ int exec_spawn(ExecCommand *command,
                                 }
                 }
 
+                if (apply_permissions)
+                        if (enforce_groups(context, username, uid) < 0) {
+                                r = EXIT_GROUP;
+                                goto fail_child;
+                        }
+
+                umask(context->umask);
+
 #ifdef HAVE_PAM
                 if (context->pam_name && username) {
                         if (setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds) < 0) {
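Review bot: The added `umask(context->umask);` now runs before `setup_pam()`, so a PAM session module that adjusts the process umask (pam_umask, if the stack configures it) would override the unit's configured value, whereas the old placement after `#endif` applied the configured umask last. setup_pam's session handling is not visible in this hunk, so this is an inference to confirm. If the configured umask is meant to win, keep `umask(context->umask);` after the `#endif`; otherwise document the ordering with a comment such as `/* PAM session modules may override this umask */`. Separately, the outer `if (apply_permissions)` guards a multi-line body without braces; writing it as `if (apply_permissions) {` ... `}` avoids a dangling-statement mistake on a later edit. exec_spawn's body starts and ends outside the hunk.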
@@ -1264,14 +1269,6 @@ int exec_spawn(ExecCommand *command,
                 }
 #endif
 
-                if (apply_permissions)
-                        if (enforce_groups(context, username, uid) < 0) {
-                                r = EXIT_GROUP;
-                                goto fail_child;
-                        }
-
-                umask(context->umask);
-
                 if (strv_length(context->read_write_dirs) > 0 ||
                     strv_length(context->read_only_dirs) > 0 ||
                     strv_length(context->inaccessible_dirs) > 0 ||