jail: deny setgroups() before initializing the {U,G}ID maps
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 16 Aug 2022 12:44:47 +0000 (12:44 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 16 Aug 2022 12:44:47 +0000 (12:44 +0000)
This just makes things easier to read in strace.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/libpakfire/jail.c

index 16c3fc8c25e1ba74f2d2d2a88a5c47a9b927a856..86f8d41aa1e8706fc8b78403ae9e6c91f2805029 100644 (file)
@@ -1036,13 +1036,13 @@ static int pakfire_jail_wait_for_signal(struct pakfire_jail* jail, int fd) {
 static int pakfire_jail_parent(struct pakfire_jail* jail, struct pakfire_jail_exec* ctx) {
        int r;
 
-       // Setup UID mapping
-       r = pakfire_jail_setup_uid_mapping(jail, ctx->pid);
+       // Write "deny" to /proc/PID/setgroups
+       r = pakfire_jail_setgroups(jail, ctx->pid);
        if (r)
                return r;
 
-       // Write "deny" to /proc/PID/setgroups
-       r = pakfire_jail_setgroups(jail, ctx->pid);
+       // Setup UID mapping
+       r = pakfire_jail_setup_uid_mapping(jail, ctx->pid);
        if (r)
                return r;
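Review bot: The comment on the moved `pakfire_jail_setgroups()` call says what is written but not why it has to come early. Per user_namespaces(7), /proc/PID/setgroups can only be changed while gid_map is still unwritten, and a writer without CAP_SETGID in the parent namespace may only write gid_map once setgroups is "deny". The position of this call is therefore a kernel constraint as well as an strace convenience. I would have the comment record that, e.g. `// Write "deny" to /proc/PID/setgroups; must precede the gid_map write (user_namespaces(7))`, so a later reorder does not push it behind the GID mapping. The GID mapping call is presumably further down in `pakfire_jail_parent`, whose body continues outside this hunk, so confirm the placement there.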