diff options
| author | Etienne CHAMPETIER | 2016-05-29 23:39:14 +0000 |
|---|---|---|
| committer | John Crispin | 2016-06-01 08:27:35 +0000 |
| commit | 8f3df4a1747f8dc6097abfc827007830cb0fbf59 (patch) | |
| tree | 6db03a10abf3c06a237ba20a1de0f6549bcd4dd3 | |
| parent | 890adc9a79f1d6189917d6a149ed2a012844cb33 (diff) | |
| download | procd-8f3df4a1747f8dc6097abfc827007830cb0fbf59.tar.gz | |
jail: call build_envp() just before execve()
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
| -rw-r--r-- | jail/jail.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/jail/jail.c b/jail/jail.c index 95d6237..e86ee14 100644 --- a/jail/jail.c +++ b/jail/jail.c @@ -230,10 +230,6 @@ and will only drop capabilities/apply seccomp filter.\n\n"); static int exec_jail(void) { - char **envp = build_envp(opts.seccomp); - if (!envp) - exit(EXIT_FAILURE); - if (opts.capabilities && drop_capabilities(opts.capabilities)) exit(EXIT_FAILURE); @@ -242,6 +238,10 @@ static int exec_jail(void) exit(EXIT_FAILURE); } + char **envp = build_envp(opts.seccomp); + if (!envp) + exit(EXIT_FAILURE); + INFO("exec-ing %s\n", *opts.jail_argv); execve(*opts.jail_argv, opts.jail_argv, envp); /* we get there only if execve fails */ |