From 04aa0cb9c46f0a5cd0cf5b4a4e378460423d2635 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 16 Jun 2010 16:39:28 +0200 Subject: [PATCH] execute: setup namespace after doing NSS calls --- src/execute.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/src/execute.c b/src/execute.c index b61c1f83..1a7871b4 100644 --- a/src/execute.c +++ b/src/execute.c @@ -914,19 +914,6 @@ int exec_spawn(ExecCommand *command, goto fail; } - if (strv_length(context->read_write_dirs) > 0 || - strv_length(context->read_only_dirs) > 0 || - strv_length(context->inaccessible_dirs) > 0 || - context->mount_flags != MS_SHARED || - context->private_tmp) - if ((r = setup_namespace( - context->read_write_dirs, - context->read_only_dirs, - context->inaccessible_dirs, - context->private_tmp, - context->mount_flags)) < 0) - goto fail; - if (context->user) { username = context->user; if (get_user_creds(&username, &uid, &gid, &home) < 0) { @@ -949,6 +936,19 @@ int exec_spawn(ExecCommand *command, umask(context->umask); + if (strv_length(context->read_write_dirs) > 0 || + strv_length(context->read_only_dirs) > 0 || + strv_length(context->inaccessible_dirs) > 0 || + context->mount_flags != MS_SHARED || + context->private_tmp) + if ((r = setup_namespace( + context->read_write_dirs, + context->read_only_dirs, + context->inaccessible_dirs, + context->private_tmp, + context->mount_flags)) < 0) + goto fail; + if (apply_chroot) { if (context->root_directory) if (chroot(context->root_directory) < 0) { -- 2.39.5