From: Djalal Harouni <tixxdz@opendz.org>
Date: Fri, 21 Oct 2016 20:22:56 +0000 (+0200)
Subject: core: lets move the setup of working directory before group enforce
X-Git-Tag: v232~49^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8b6903ad4d0dc94cd0098f453a4ea8ab24a4a3f7;p=thirdparty%2Fsystemd.git

core: lets move the setup of working directory before group enforce

This is minor but lets try to split and move bit by bit cgroups and
portable environment setup before applying the security context.
---

diff --git a/src/core/execute.c b/src/core/execute.c
index 874f035b2e0..a9b2b8f299a 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2632,6 +2632,13 @@ static int exec_child(
                 }
         }
 
+        if (context->working_directory_home)
+                wd = home;
+        else if (context->working_directory)
+                wd = context->working_directory;
+        else
+                wd = "/";
+
         /* Drop group as early as possbile */
         if ((params->flags & EXEC_APPLY_PERMISSIONS) && !command->privileged) {
                 r = enforce_groups(context, gid, supplementary_gids, ngids);
@@ -2641,13 +2648,6 @@ static int exec_child(
                 }
         }
 
-        if (context->working_directory_home)
-                wd = home;
-        else if (context->working_directory)
-                wd = context->working_directory;
-        else
-                wd = "/";
-
         if (params->flags & EXEC_APPLY_CHROOT) {
                 if (!needs_mount_namespace && context->root_directory)
                         if (chroot(context->root_directory) < 0) {