master: Set RESTRICT_* environment even when drop_priv_before_exec=yes

Otherwise the executed process could still try to drop some of the
privileges (groups).

diff --git a/src/master/service-process.c b/src/master/service-process.c
index ac5eef1b8677c3813589b3fffc3f8b05aeea03db..35750815882d1219ecc68649acdf7b21680e0860 100644 (file)
--- a/src/master/service-process.c
+++ b/src/master/service-process.c
@@ -166,11 +166,10 @@ drop_privileges(struct service *service)
        }
        rset.extra_groups = service->extra_gids;
 
+       restrict_access_set_env(&rset);
        if (service->set->drop_priv_before_exec) {
                disallow_root = service->type == SERVICE_TYPE_LOGIN;
                restrict_access(&rset, NULL, disallow_root);
-       } else {
-               restrict_access_set_env(&rset);
        }
 }