From 8f3df4a1747f8dc6097abfc827007830cb0fbf59 Mon Sep 17 00:00:00 2001
From: Etienne CHAMPETIER
Date: Sun, 29 May 2016 23:39:14 +0000
Subject: [PATCH] jail: call build_envp() just before execve()

Signed-off-by: Etienne CHAMPETIER
---
 jail/jail.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/jail/jail.c b/jail/jail.c
index 95d6237..e86ee14 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -230,10 +230,6 @@ and will only drop capabilities/apply seccomp filter.\n\n");
 
 static int exec_jail(void)
 {
- char **envp = build_envp(opts.seccomp);
- if (!envp)
- exit(EXIT_FAILURE);
-
 if (opts.capabilities && drop_capabilities(opts.capabilities))
 exit(EXIT_FAILURE);
 
@@ -242,6 +238,10 @@ static int exec_jail(void)
 exit(EXIT_FAILURE);
 }
 
+ char **envp = build_envp(opts.seccomp);
+ if (!envp)
+ exit(EXIT_FAILURE);
+
 INFO("exec-ing %s\n", *opts.jail_argv);
 execve(*opts.jail_argv, opts.jail_argv, envp);
 /* we get there only if execve fails */
-- 
2.30.2
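Review bot: The moved `build_envp(opts.seccomp)` call in the second hunk now runs after `drop_capabilities()` and after the failing step whose closing `}` opens that hunk, yet nothing in the new code records that this ordering is intended or what `build_envp()` may depend on. Its body is not visible here, so please confirm it needs no capability or other resource that the earlier steps take away, and put a comment above the moved lines such as `/* build envp last, with capabilities already dropped; build_envp() must not need privileges */`. The `if (!envp)` path also exits without a message, unlike the braced failure path just above it, which looks like it logs first; a one-line error log before `exit(EXIT_FAILURE)` would make a failed jail start diagnosable. exec_jail() begins in the first hunk and continues past the end of the second.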