supervise-daemon: fix: pam_start before chrooting

pam_start(3) must be called before chroot(2) for chroots that do not have PAM-related files present.
OpenRC · Apr 17, 2022 · 9ad6db1 · 9ad6db1
1 parent db55135
commit 9ad6db1
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/src/supervise-daemon/supervise-daemon.c b/src/supervise-daemon/supervise-daemon.c
@@ -406,12 +406,6 @@ static void child_process(char *exec, char **argv)
 		fclose(fp);
 	}
 
-	if (ch_root && chroot(ch_root) < 0)
-		eerrorx("%s: chroot `%s': %s", applet, ch_root, strerror(errno));
-
-	if (ch_dir && chdir(ch_dir) < 0)
-		eerrorx("%s: chdir `%s': %s", applet, ch_dir, strerror(errno));
-
 #ifdef HAVE_PAM
 	if (changeuser != NULL) {
 		pamr = pam_start("supervise-daemon",
@@ -426,6 +420,12 @@ static void child_process(char *exec, char **argv)
 	}
 #endif
 
+	if (ch_root && chroot(ch_root) < 0)
+		eerrorx("%s: chroot `%s': %s", applet, ch_root, strerror(errno));
+
+	if (ch_dir && chdir(ch_dir) < 0)
+		eerrorx("%s: chdir `%s': %s", applet, ch_dir, strerror(errno));
+
 	if (gid && setgid(gid))
 		eerrorx("%s: unable to set groupid to %d", applet, gid);
 	if (changeuser && initgroups(changeuser, gid))