From 2349325e2b5f684fe252396ae340c9a20559a932 Mon Sep 17 00:00:00 2001
From: Wiktor Garbacz
Date: Tue, 16 Jul 2019 07:12:57 -0700
Subject: [PATCH] Move root chdir to namespace setup

PiperOrigin-RevId: 258361265
Change-Id: Ifa065559e36606afa7111ef6d8e2d5d621b57426
---
 sandboxed_api/sandbox2/forkserver.cc | 1 -
 sandboxed_api/sandbox2/namespace.cc | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/sandboxed_api/sandbox2/forkserver.cc b/sandboxed_api/sandbox2/forkserver.cc
index 8288baf..f4ac4d6 100644
--- a/sandboxed_api/sandbox2/forkserver.cc
+++ b/sandboxed_api/sandbox2/forkserver.cc
@@ -175,7 +175,6 @@ static void RunInitProcess(int signaling_fd, std::set open_fds) {
 SAPI_RAW_CHECK(sendmsg(signaling_fd, &msgh, 0), "Sending child PID");
 return;
 } else if (child > 0) {
- SAPI_RAW_CHECK(chdir("/") == 0, "changing init cwd failed");
 if (prctl(PR_SET_NAME, "S2-INIT-PROC", 0, 0, 0) != 0) {
 SAPI_RAW_PLOG(WARNING, "prctl(PR_SET_NAME, 'S2-INIT-PROC')");
 }
diff --git a/sandboxed_api/sandbox2/namespace.cc b/sandboxed_api/sandbox2/namespace.cc
index dd831ae..d0664ce 100644
--- a/sandboxed_api/sandbox2/namespace.cc
+++ b/sandboxed_api/sandbox2/namespace.cc
@@ -249,6 +249,7 @@ void Namespace::InitializeNamespaces(uid_t uid, gid_t gid, int32_t clone_flags,
 syscall(__NR_pivot_root, kSandbox2ChrootPath, kSandbox2ChrootPath) != -1, "pivot root");
 SAPI_RAW_PCHECK(umount2("/", MNT_DETACH) != -1, "detaching old root");
+ SAPI_RAW_PCHECK(chdir("/") == 0, "changing cwd after pivot_root failed");
 if (SAPI_VLOG_IS_ON(2)) {
 SAPI_RAW_VLOG(2, "Dumping the sandboxee's filesystem:");
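Review bot: The `chdir("/")` added after `umount2("/", MNT_DETACH)` in the namespace.cc hunk has no comment saying why it must sit exactly there. Presumably it keeps the working directory from holding a reference to the detached old root, and that property is lost if someone later moves the call above the detach. I would add above it `// Re-anchor cwd inside the new root; must stay after pivot_root and the old-root detach.` Since the forkserver.cc hunk removes the unconditional `chdir("/")` from RunInitProcess, the init process now depends on this path having run; whether InitializeNamespaces is reached in every configuration that starts the init process is not visible here and should be confirmed. Both function bodies start and end outside the hunks.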