From: Michael Tremer
Date: Tue, 16 Aug 2022 12:44:47 +0000 (+0000)
Subject: jail: deny setgroups() before initializing the {U,G}ID maps
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d3d3d7b726d81e949942552faa5cfd7018e2d3ae;p=people%2Fstevee%2Fpakfire.git
jail: deny setgroups() before initializing the {U,G}ID maps
This just makes things easier to read in strace.
Signed-off-by: Michael Tremer
---
diff --git a/src/libpakfire/jail.c b/src/libpakfire/jail.c
index 16c3fc8c..86f8d41a 100644
--- a/src/libpakfire/jail.c
+++ b/src/libpakfire/jail.c
@@ -1036,13 +1036,13 @@ static int pakfire_jail_wait_for_signal(struct pakfire_jail* jail, int fd) {
 static int pakfire_jail_parent(struct pakfire_jail* jail, struct pakfire_jail_exec* ctx) {
 int r;
- // Setup UID mapping
- r = pakfire_jail_setup_uid_mapping(jail, ctx->pid);
+ // Write "deny" to /proc/PID/setgroups
+ r = pakfire_jail_setgroups(jail, ctx->pid);
 if (r) return r;
- // Write "deny" to /proc/PID/setgroups
- r = pakfire_jail_setgroups(jail, ctx->pid);
+ // Setup UID mapping
+ r = pakfire_jail_setup_uid_mapping(jail, ctx->pid);
 if (r) return r;
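Review bot: The comment `// Write "deny" to /proc/PID/setgroups` in pakfire_jail_parent states what is written but not why the call has to come before the ID maps. Per user_namespaces(7), a writer without CAP_SETGID in the parent namespace can only set gid_map after setgroups has been denied, and the setgroups file can no longer be changed once gid_map is written. The commit message describes the move as cosmetic, so a later cleanup could reorder these calls again without noticing the constraint. A comment such as `// Must run before gid_map is written: the kernel rejects an unprivileged gid_map unless setgroups is "deny"` would record it. The GID mapping call and the rest of the function lie outside the hunk, so confirm it still follows this call.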