execute: do initgroups() first, pam initialization second so that it can still modify...
author
Lennart Poettering
<lennart@poettering.net>
Thu, 30 Jun 2011 00:15:01 +0000
(
02:15
+0200)
committer
Lennart Poettering
<lennart@poettering.net>
Thu, 30 Jun 2011 00:15:01 +0000
(
02:15
+0200)
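--- a/src/execute.c
+++ b/src/execute.c
@@ -886,7 +886,7 @@ static int setup_pam(
 * cleanups, so forget about the handle here. */
 handle = NULL;
-/* Unblock SIGSUR1 again in the parent */
+/* Unblock SIGTERM again in the parent */
 if (sigprocmask(SIG_SETMASK, &old_ss, NULL) < 0)
 goto fail;
@@ -1255,6 +1255,14 @@ int exec_spawn(ExecCommand *command,
 }
 }
+if (apply_permissions)
+if (enforce_groups(context, username, uid) < 0) {
+r = EXIT_GROUP;
+goto fail_child;
+}
+
+umask(context->umask);
+
 #ifdef HAVE_PAM
 if (context->pam_name && username) {
 if (setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds) < 0) {
@@ -1264,14 +1272,6 @@ int exec_spawn(ExecCommand *command,
 }
 #endif
-if (apply_permissions)
-if (enforce_groups(context, username, uid) < 0) {
-r = EXIT_GROUP;
-goto fail_child;
-}
-
-umask(context->umask);
-
 if (strv_length(context->read_write_dirs) > 0 ||
 strv_length(context->read_only_dirs) > 0 ||
 strv_length(context->inaccessible_dirs) > 0 ||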
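Review bot: The group and umask setup moved ahead of the `HAVE_PAM` block in exec_spawn() now relies on running before `setup_pam()`, but the moved lines carry no comment saying that the order matters. With this placement, whatever group list `enforce_groups()` establishes can afterwards be changed by the PAM stack named in `context->pam_name` (which appears to be the purpose of the commit), so the child's final groups, and possibly its umask, depend on PAM configuration and not on the unit settings alone. I would add above the moved block `/* Set groups and umask before PAM so that PAM modules may still adjust them; keep this ahead of setup_pam(). */`. The outer `if (apply_permissions)` also has no braces around the nested `if`; `if (apply_permissions && enforce_groups(context, username, uid) < 0) {` says the same thing without the dangling-else hazard. exec_spawn()'s body starts and ends outside the visible hunks.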