diff mbox

[LEDE-DEV,procd,3/7] jail: call build_envp() just before execve()

Message ID 1464565158-18043-3-git-send-email-champetier.etienne@gmail.com
State Accepted
Headers show

Commit Message

Etienne Champetier May 29, 2016, 11:39 p.m. UTC 
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
---
 jail/jail.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff mbox

Patch

diff --git a/jail/jail.c b/jail/jail.c
index 95d6237..e86ee14 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -230,10 +230,6 @@  and will only drop capabilities/apply seccomp filter.\n\n");
 
 static int exec_jail(void)
 {
-	char **envp = build_envp(opts.seccomp);
-	if (!envp)
-		exit(EXIT_FAILURE);
-
 	if (opts.capabilities && drop_capabilities(opts.capabilities))
 		exit(EXIT_FAILURE);
 
@@ -242,6 +238,10 @@  static int exec_jail(void)
 		exit(EXIT_FAILURE);
 	}
 
+	char **envp = build_envp(opts.seccomp);
+	if (!envp)
+		exit(EXIT_FAILURE);
+
 	INFO("exec-ing %s\n", *opts.jail_argv);
 	execve(*opts.jail_argv, opts.jail_argv, envp);
 	/* we get there only if execve fails */