core: lets move the setup of working directory before group enforce

This is minor but lets try to split and move bit by bit cgroups and
portable environment setup before applying the security context.

diff --git a/src/core/execute.c b/src/core/execute.c
index 874f035b2e01f4c705c3ebab0de1c555f1d12214..a9b2b8f299a7d1aa2a402f25ec20c07334d38dc6 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2632,6 +2632,13 @@ static int exec_child(
                 }
         }
 
+        if (context->working_directory_home)
+                wd = home;
+        else if (context->working_directory)
+                wd = context->working_directory;
+        else
+                wd = "/";
+
         /* Drop group as early as possbile */
         if ((params->flags & EXEC_APPLY_PERMISSIONS) && !command->privileged) {
                 r = enforce_groups(context, gid, supplementary_gids, ngids);
@@ -2641,13 +2648,6 @@ static int exec_child(
                 }
         }
 
-        if (context->working_directory_home)
-                wd = home;
-        else if (context->working_directory)
-                wd = context->working_directory;
-        else
-                wd = "/";
-
         if (params->flags & EXEC_APPLY_CHROOT) {
                 if (!needs_mount_namespace && context->root_directory)
                         if (chroot(context->root_directory) < 0) {