core: do not set no_new_privileges flag in config_parse_syscall_filter

If SyscallFilter was set, and subsequently cleared, the no_new_privileges flag
was not reset properly. We don't need to set this flag here, it will be
set automatically in unit_patch_contexts() if syscall_filter is set.
Zbigniew Jędrzejewski-Szmek 2016-10-22 23:28:46 -04:00
parent 863a5610c7
commit 9b232d3241


@ -2736,11 +2736,6 @@ int config_parse_syscall_filter(
if (!isempty(state))
log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring.");
/* Turn on NNP, but only if it wasn't configured explicitly
* before, and only if we are in user mode. */
if (!c->no_new_privileges_set && MANAGER_IS_USER(u->manager))
c->no_new_privileges = true;
return 0;
}
@ -3829,7 +3824,7 @@ int config_parse_no_new_privileges(
return 0;
}
c->no_new_privileges = !!k;
c->no_new_privileges = k;
c->no_new_privileges_set = true;
return 0;
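Review bot: In the config_parse_syscall_filter hunk, removing the NNP assignment leaves nothing at the parse site to explain why a user-mode seccomp filter no longer turns on no_new_privileges; the guarantee now rests entirely on unit_patch_contexts(), which is not part of this diff. A short comment before `return 0;` would keep that dependency visible, e.g. `/* NNP is not set here; unit_patch_contexts() enables it when a syscall filter is in effect. */`. The removed code was also the only reader of `c->no_new_privileges_set` visible on this page, while config_parse_no_new_privileges still writes it, so it is worth checking whether the field is now dead and whether unit_patch_contexts() is meant to override an explicit NoNewPrivileges=no. Both function bodies start outside the hunks shown.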