diff --git a/sandboxed_api/sandbox2/forkserver.cc b/sandboxed_api/sandbox2/forkserver.cc
index 8288baf..f4ac4d6 100644
--- a/sandboxed_api/sandbox2/forkserver.cc
+++ b/sandboxed_api/sandbox2/forkserver.cc
@@ -175,7 +175,6 @@ static void RunInitProcess(int signaling_fd, std::set open_fds) {
 SAPI_RAW_CHECK(sendmsg(signaling_fd, &msgh, 0), "Sending child PID");
 return;
 } else if (child > 0) {
- SAPI_RAW_CHECK(chdir("/") == 0, "changing init cwd failed");
 if (prctl(PR_SET_NAME, "S2-INIT-PROC", 0, 0, 0) != 0) {
 SAPI_RAW_PLOG(WARNING, "prctl(PR_SET_NAME, 'S2-INIT-PROC')");
 }
diff --git a/sandboxed_api/sandbox2/namespace.cc b/sandboxed_api/sandbox2/namespace.cc
index dd831ae..d0664ce 100644
--- a/sandboxed_api/sandbox2/namespace.cc
+++ b/sandboxed_api/sandbox2/namespace.cc
@@ -249,6 +249,7 @@ void Namespace::InitializeNamespaces(uid_t uid, gid_t gid, int32_t clone_flags,
 syscall(__NR_pivot_root, kSandbox2ChrootPath, kSandbox2ChrootPath) != -1,
 "pivot root");
 SAPI_RAW_PCHECK(umount2("/", MNT_DETACH) != -1, "detaching old root");
+ SAPI_RAW_PCHECK(chdir("/") == 0, "changing cwd after pivot_root failed");
 if (SAPI_VLOG_IS_ON(2)) {
 SAPI_RAW_VLOG(2, "Dumping the sandboxee's filesystem:");
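Review bot: The added `chdir("/")` in InitializeNamespaces has no comment saying why it is needed or why it sits after the `umount2` detach, and both matter for the sandbox boundary. After `pivot_root` the working directory can still reference the old root, so a relative path lookup could resolve outside the new root; and because the old root stays stacked on `/` until it is detached, the call presumably has to follow `umount2` to land in the new root. I would add above it: `// cwd may still point into the old root after pivot_root; reset it only once the old root is detached so "/" resolves to the new root.` The companion hunk in forkserver.cc drops the init process's own `chdir("/")`; whether every path into RunInitProcess has already run InitializeNamespaces is not visible in this diff and is worth confirming. InitializeNamespaces starts and ends outside the hunk.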