From: Lennart Poettering
Date: Mon, 5 Feb 2024 16:11:12 +0000 (+0100)
Subject: nspawn: and also add comment, making clear chdir() should come late
X-Git-Tag: v256-rc1~961^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F31210%2Fhead;p=thirdparty%2Fsystemd.git
nspawn: and also add comment, making clear chdir() should come late
---
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 957bc582176..48394a3100e 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3522,6 +3522,9 @@ static int inner_child(
 if (!barrier_place_and_sync(barrier)) /* #5 */
 return log_error_errno(SYNTHETIC_ERRNO(ESRCH), "Parent died too early");
+ /* Note, this should be done this late (💣 and not moved earlier! 💣), so that all namespacing
+ * changes are already in effect by now, so that any resolved paths here definitely reference
+ * resources inside the container, and not outside of them. */
 if (arg_chdir)
 if (chdir(arg_chdir) < 0)
 return log_error_errno(errno, "Failed to change to specified working directory %s: %m", arg_chdir);
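Review bot: The added comment above `if (arg_chdir)` says the call must stay late but does not name which earlier steps it depends on, so someone reordering inner_child() has nothing concrete to check the invariant against. Since chdir() resolves `arg_chdir` (including any symlinks in it) against whatever root directory and mount namespace are current at the moment of the call, I would add one sentence saying so, for example `* chdir() resolves arg_chdir against the root and mount namespace in effect right here, so it must follow every step that changes either.` The steps that establish the container's root and namespaces are presumably earlier in inner_child() or in its caller; the function body starts and ends outside this hunk, so that should be confirmed before the wording is made more specific. The ordering is still protected only by a comment, so a test that starts a container with a working directory that exists both on the host and in the image, and checks which one the payload lands in, would catch a regression.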