From 0a961c1cdbe73dd5f9077d21bd440895151533eb Mon Sep 17 00:00:00 2001 From: Zygmunt Krynicki Date: Mon, 11 Mar 2019 12:32:33 +0100 Subject: [PATCH] cmd/snap-confine: move definition of invocation earlier This will allow us to remove the locals that are duplicated in main. Signed-off-by: Zygmunt Krynicki --- cmd/snap-confine/snap-confine.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/cmd/snap-confine/snap-confine.c b/cmd/snap-confine/snap-confine.c index 1cc9910127b..fca67720c5f 100644 --- a/cmd/snap-confine/snap-confine.c +++ b/cmd/snap-confine/snap-confine.c @@ -135,6 +135,17 @@ int main(int argc, char **argv) sc_snap_name_validate(base_snap_name, NULL); + + /* Invocation helps to pass relevant data to various parts of snap-confine. */ + sc_invocation invocation = { + .base_snap_name = base_snap_name, + .executable = executable, + .security_tag = security_tag, + .snap_instance = snap_instance, + .classic_confinement = classic_confinement + /* is_normal_mode is not probed yet */ + }; + debug("security tag: %s", security_tag); debug("executable: %s", executable); debug("confinement: %s", @@ -190,16 +201,6 @@ int main(int argc, char **argv) " but should be. Refusing to continue to avoid" " permission escalation attacks"); } - - /* Invocation helps to pass relevant data to various parts of snap-confine. */ - sc_invocation invocation = { - .base_snap_name = base_snap_name, - .executable = executable, - .security_tag = security_tag, - .snap_instance = snap_instance, - .classic_confinement = classic_confinement - /* is_normal_mode is not probed yet */ - }; // TODO: check for similar situation and linux capabilities. if (geteuid() == 0) { if (classic_confinement) {