execute: setup namespace after doing NSS calls
authorLennart Poettering <lennart@poettering.net>
Wed, 16 Jun 2010 14:39:28 +0000 (16:39 +0200)
committerLennart Poettering <lennart@poettering.net>
Wed, 16 Jun 2010 14:39:28 +0000 (16:39 +0200)
src/execute.c

index b61c1f838b0377dbc23283742e32a238dc360ece..1a7871b4e030b374b4699a0bc8f91362a91b209c 100644 (file)
@@ -914,19 +914,6 @@ int exec_spawn(ExecCommand *command,
                                 goto fail;
                         }
 
-                if (strv_length(context->read_write_dirs) > 0 ||
-                    strv_length(context->read_only_dirs) > 0 ||
-                    strv_length(context->inaccessible_dirs) > 0 ||
-                    context->mount_flags != MS_SHARED ||
-                    context->private_tmp)
-                        if ((r = setup_namespace(
-                                             context->read_write_dirs,
-                                             context->read_only_dirs,
-                                             context->inaccessible_dirs,
-                                             context->private_tmp,
-                                             context->mount_flags)) < 0)
-                                goto fail;
-
                 if (context->user) {
                         username = context->user;
                         if (get_user_creds(&username, &uid, &gid, &home) < 0) {
@@ -949,6 +936,19 @@ int exec_spawn(ExecCommand *command,
 
                 umask(context->umask);
 
+                if (strv_length(context->read_write_dirs) > 0 ||
+                    strv_length(context->read_only_dirs) > 0 ||
+                    strv_length(context->inaccessible_dirs) > 0 ||
+                    context->mount_flags != MS_SHARED ||
+                    context->private_tmp)
+                        if ((r = setup_namespace(
+                                             context->read_write_dirs,
+                                             context->read_only_dirs,
+                                             context->inaccessible_dirs,
+                                             context->private_tmp,
+                                             context->mount_flags)) < 0)
+                                goto fail;
+
                 if (apply_chroot) {
                         if (context->root_directory)
                                 if (chroot(context->root_directory) < 0) {
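Review bot: Nothing at the new call site, the `setup_namespace()` block added after `umask(context->umask)`, records why it has to sit there, so a later reshuffle could move it back above the `get_user_creds()` lookup and quietly break user resolution for units that hide or remount directories. A short comment would pin the constraint, e.g. `/* Keep after get_user_creds(): NSS lookups need the unrestricted mount view */`. Separately, when `setup_namespace()` fails, `r` still holds its negative return value at the `goto fail`. If that label uses `r` as the child's exit status, as the braced error branches nearby suggest, a namespace setup failure would be hard to tell apart from other failures, so it is worth checking whether a dedicated status should be assigned first. `exec_spawn()` begins and ends outside this hunk, so the `fail` path is not visible here.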