jail: call build_envp() just before execve()

author Etienne CHAMPETIER <[email protected]>

Sun, 29 May 2016 23:39:14 +0000 (23:39 +0000)

committer John Crispin <[email protected]>

Wed, 1 Jun 2016 08:27:35 +0000 (10:27 +0200)
author Etienne CHAMPETIER <[email protected]>
Sun, 29 May 2016 23:39:14 +0000 (23:39 +0000)
committer John Crispin <[email protected]>
Wed, 1 Jun 2016 08:27:35 +0000 (10:27 +0200)
diff --git a/jail/jail.c b/jail/jail.c

index 95d6237419498696869c2658391886cff2dafdb8..e86ee14ddd7596af0b092b10622e00febe7a17d5 100644 (file)
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -230,10 +230,6 @@ and will only drop capabilities/apply seccomp filter.\n\n");
  
  static int exec_jail(void)
  {
-       char **envp = build_envp(opts.seccomp);
-       if (!envp)
-               exit(EXIT_FAILURE);
-
         if (opts.capabilities && drop_capabilities(opts.capabilities))
                 exit(EXIT_FAILURE);
  
@@ -242,6 +238,10 @@ static int exec_jail(void)
                 exit(EXIT_FAILURE);
         }
  
+       char **envp = build_envp(opts.seccomp);
+       if (!envp)
+               exit(EXIT_FAILURE);
+
         INFO("exec-ing %s\n", *opts.jail_argv);
         execve(*opts.jail_argv, opts.jail_argv, envp);
         /* we get there only if execve fails */
author	Etienne CHAMPETIER <[email protected]>
	Sun, 29 May 2016 23:39:14 +0000 (23:39 +0000)
committer	John Crispin <[email protected]>
	Wed, 1 Jun 2016 08:27:35 +0000 (10:27 +0200)