try outgoing connections before chroot/drop_privs

When chrooted, we either need to force-initialize resolver
and/or nsswitch somehow (no clean way) or resolve all the
names we want before entering chroot jail.  The latter
looks cleaner, easier and it is actually safe because
we still don't talk with the remote nodes there, only
initiating outgoing connections.

diff --git a/src/tincd.c b/src/tincd.c
index d359425..bec16cd 100644 (file)
--- a/src/tincd.c
+++ b/src/tincd.c
@@ -589,7 +589,11 @@ int main2(int argc, char **argv)
        if(!setup_network())
                goto end;
 
        if(!setup_network())
                goto end;
 

-        /* Change process priority */
+       /* Initiate all outgoing connections. */
+
+       try_outgoing_connections();
+
+       /* Change process priority */

 
         char *priority = 0;
 
 
         char *priority = 0;
 


@@ -610,10 +614,6 @@ int main2(int argc, char **argv)
        if (!drop_privs())
                goto end;
 
        if (!drop_privs())
                goto end;
 

-       /* Initiate all outgoing connections. */
-
-       try_outgoing_connections();
-

        /* Start main loop. It only exits when tinc is killed. */
 
        status = main_loop();
        /* Start main loop. It only exits when tinc is killed. */
 
        status = main_loop();