namespace: invoke unshare() only after checking all parameters

Let's create the new namespace only after we validated and processed all
parameters, right before we start with actually mounting things.

This way, the window where we can roll back is larger (not that it matters
IRL...)

diff --git a/src/core/namespace.c b/src/core/namespace.c
index 498cd139bf85bde5eece2e442979382e7a29f757..356d3c8121bd9450c3f578516a869e3e2adf3c84 100644 (file)
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -462,9 +462,6 @@ int setup_namespace(
         if (mount_flags == 0)
                 mount_flags = MS_SHARED;
 
-        if (unshare(CLONE_NEWNS) < 0)
-                return -errno;
-
         n = !!tmp_dir + !!var_tmp_dir +
                 strv_length(read_write_paths) +
                 strv_length(read_only_paths) +
@@ -606,6 +603,9 @@ int setup_namespace(
                 drop_nop(mounts, &n);
         }
 
+        if (unshare(CLONE_NEWNS) < 0)
+                return -errno;
+
         if (n > 0 || root_directory) {
                 /* Remount / as SLAVE so that nothing now mounted in the namespace
                    shows up in the parent */