From: Lennart Poettering Date: Wed, 16 Jun 2010 14:39:28 +0000 (+0200) Subject: execute: setup namespace after doing NSS calls X-Git-Tag: v1~183 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=04aa0cb9c46f0a5cd0cf5b4a4e378460423d2635;hp=df1f0afe0c0d044a42ee726fa03730291d7082ee execute: setup namespace after doing NSS calls --- diff --git a/src/execute.c b/src/execute.c index b61c1f838..1a7871b4e 100644 --- a/src/execute.c +++ b/src/execute.c @@ -914,19 +914,6 @@ int exec_spawn(ExecCommand *command, goto fail; } - if (strv_length(context->read_write_dirs) > 0 || - strv_length(context->read_only_dirs) > 0 || - strv_length(context->inaccessible_dirs) > 0 || - context->mount_flags != MS_SHARED || - context->private_tmp) - if ((r = setup_namespace( - context->read_write_dirs, - context->read_only_dirs, - context->inaccessible_dirs, - context->private_tmp, - context->mount_flags)) < 0) - goto fail; - if (context->user) { username = context->user; if (get_user_creds(&username, &uid, &gid, &home) < 0) { @@ -949,6 +936,19 @@ int exec_spawn(ExecCommand *command, umask(context->umask); + if (strv_length(context->read_write_dirs) > 0 || + strv_length(context->read_only_dirs) > 0 || + strv_length(context->inaccessible_dirs) > 0 || + context->mount_flags != MS_SHARED || + context->private_tmp) + if ((r = setup_namespace( + context->read_write_dirs, + context->read_only_dirs, + context->inaccessible_dirs, + context->private_tmp, + context->mount_flags)) < 0) + goto fail; + if (apply_chroot) { if (context->root_directory) if (chroot(context->root_directory) < 0) {