Move initial namespace setup to security_manager_prepare_app_candidate()

Change-Id: I43f316b8e074ff18462388b64793cbc3e2d895c1

diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index 8a156654f39e4005be2ad2bcace9157d2fc074bb..f258fd50f22bd3cc50576a8a653a57d3cf30f40a 100644 (file)
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -796,14 +796,10 @@ int security_manager_drop_process_privileges(void)
 static int setupSharedRO(const std::string &pkg_name, bool enabledSharedRO, const std::string &userAppsRWDir,
         const std::string &userAppsRWSharedDir)
 {
-    int ret;
+    int ret = SECURITY_MANAGER_SUCCESS;
     std::string userPkgAppsRWSharedDir;
     std::string userPkgAppsRWSharedTmpDir;
 
-    ret = MountNS::makeMountSlave("/");
-    if (ret != SECURITY_MANAGER_SUCCESS)
-        return ret;
-
     if (enabledSharedRO) {
         userPkgAppsRWSharedDir = userAppsRWSharedDir + pkg_name;
         userPkgAppsRWSharedTmpDir = userAppsRWDir + "/.shared_tmp/" + pkg_name;
@@ -878,7 +874,12 @@ int security_manager_prepare_app_candidate(void)
                  "Abort launching the application, as it may have too high privileges and pose risk to the system.");
         return SECURITY_MANAGER_ERROR_INPUT_PARAM;
     }
-    return MountNS::createMountNamespace();
+
+    int ret = MountNS::createMountNamespace();
+    if (ret != SECURITY_MANAGER_SUCCESS)
+        return ret;
+
+    return MountNS::makeMountSlave("/");
 }
 
 static inline int security_manager_setup_namespace_internal(const MountNS::PrivilegePathsMap &privilegePathMap,