Move initial namespace setup to security_manager_prepare_app_candidate()

Change-Id: I43f316b8e074ff18462388b64793cbc3e2d895c1

diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index 19da56a43f4fa93e191a949af2142ed5af1f701d..a12cec5b5845c2f20fa958cb3ba044895158a7cc 100644 (file)
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -779,14 +779,10 @@ int security_manager_drop_process_privileges(void)
 static int setupSharedRO(const std::string &pkg_name, bool enabledSharedRO, const std::string &userAppsRWDir,
         const std::string &userAppsRWSharedDir)
 {
-    int ret;
+    int ret = SECURITY_MANAGER_SUCCESS;
     std::string userPkgAppsRWSharedDir;
     std::string userPkgAppsRWSharedTmpDir;
 
-    ret = MountNS::makeMountSlave("/");
-    if (ret != SECURITY_MANAGER_SUCCESS)
-        return ret;
-
     if (enabledSharedRO) {
         userPkgAppsRWSharedDir = userAppsRWSharedDir + pkg_name;
         userPkgAppsRWSharedTmpDir = userAppsRWDir + "/.shared_tmp/" + pkg_name;
@@ -861,7 +857,12 @@ int security_manager_prepare_app_candidate(void)
                  "Abort launching the application, as it may have too high privileges and pose risk to the system.");
         return SECURITY_MANAGER_ERROR_INPUT_PARAM;
     }
-    return MountNS::createMountNamespace();
+
+    int ret = MountNS::createMountNamespace();
+    if (ret != SECURITY_MANAGER_SUCCESS)
+        return ret;
+
+    return MountNS::makeMountSlave("/");
 }
 
 static inline int security_manager_setup_namespace_internal(const MountNS::PrivilegePathsMap &privilegePathMap,