execute: setup namespace after doing NSS calls
parent
df1f0afe0c
commit
04aa0cb9c4
|
@ -914,19 +914,6 @@ int exec_spawn(ExecCommand *command,
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (strv_length(context->read_write_dirs) > 0 ||
|
|
||||||
strv_length(context->read_only_dirs) > 0 ||
|
|
||||||
strv_length(context->inaccessible_dirs) > 0 ||
|
|
||||||
context->mount_flags != MS_SHARED ||
|
|
||||||
context->private_tmp)
|
|
||||||
if ((r = setup_namespace(
|
|
||||||
context->read_write_dirs,
|
|
||||||
context->read_only_dirs,
|
|
||||||
context->inaccessible_dirs,
|
|
||||||
context->private_tmp,
|
|
||||||
context->mount_flags)) < 0)
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
if (context->user) {
|
if (context->user) {
|
||||||
username = context->user;
|
username = context->user;
|
||||||
if (get_user_creds(&username, &uid, &gid, &home) < 0) {
|
if (get_user_creds(&username, &uid, &gid, &home) < 0) {
|
||||||
|
@ -949,6 +936,19 @@ int exec_spawn(ExecCommand *command,
|
||||||
|
|
||||||
umask(context->umask);
|
umask(context->umask);
|
||||||
|
|
||||||
|
if (strv_length(context->read_write_dirs) > 0 ||
|
||||||
|
strv_length(context->read_only_dirs) > 0 ||
|
||||||
|
strv_length(context->inaccessible_dirs) > 0 ||
|
||||||
|
context->mount_flags != MS_SHARED ||
|
||||||
|
context->private_tmp)
|
||||||
|
if ((r = setup_namespace(
|
||||||
|
context->read_write_dirs,
|
||||||
|
context->read_only_dirs,
|
||||||
|
context->inaccessible_dirs,
|
||||||
|
context->private_tmp,
|
||||||
|
context->mount_flags)) < 0)
|
||||||
|
goto fail;
|
||||||
|
|
||||||
if (apply_chroot) {
|
if (apply_chroot) {
|
||||||
if (context->root_directory)
|
if (context->root_directory)
|
||||||
if (chroot(context->root_directory) < 0) {
|
if (chroot(context->root_directory) < 0) {
|
||||||
|
|
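Review bot: The `setup_namespace()` block added after `umask(context->umask);` in the second hunk carries no comment stating the ordering it now depends on, so a later reshuffle could move it back in front of the `get_user_creds()` lookup or past the point where the process can still create mounts. I would add above the outer `if`: `/* Must run after all NSS lookups (which presumably need the unrestricted file system view) and before chroot() and any privilege drop. */`. The privilege-dropping code is not visible on this page, and exec_spawn() starts and ends outside both hunks, so the "before any privilege drop" half should be confirmed against the rest of the function. As a style point, the two nested brace-less `if`s with a five-line condition are easy to misread; bracing the outer one would make the scope of `goto fail;` obvious.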