From: Etienne CHAMPETIER Date: Sun, 29 May 2016 23:39:14 +0000 (+0000) Subject: jail: call build_envp() just before execve() X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=8f3df4a1747f8dc6097abfc827007830cb0fbf59;p=project%2Fprocd.git jail: call build_envp() just before execve() Signed-off-by: Etienne CHAMPETIER --- diff --git a/jail/jail.c b/jail/jail.c index 95d6237..e86ee14 100644 --- a/jail/jail.c +++ b/jail/jail.c @@ -230,10 +230,6 @@ and will only drop capabilities/apply seccomp filter.\n\n"); static int exec_jail(void) { - char **envp = build_envp(opts.seccomp); - if (!envp) - exit(EXIT_FAILURE); - if (opts.capabilities && drop_capabilities(opts.capabilities)) exit(EXIT_FAILURE); @@ -242,6 +238,10 @@ static int exec_jail(void) exit(EXIT_FAILURE); } + char **envp = build_envp(opts.seccomp); + if (!envp) + exit(EXIT_FAILURE); + INFO("exec-ing %s\n", *opts.jail_argv); execve(*opts.jail_argv, opts.jail_argv, envp); /* we get there only if execve fails */