summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDjalal Harouni <tixxdz@opendz.org>2016-10-09 12:28:25 +0200
committerDjalal Harouni <tixxdz@opendz.org>2016-10-12 14:12:07 +0200
commit4084e8fc8947566092fd4ee5a07405570fdbf84d (patch)
treefd92149d586a4cd6aff985dd24eec74b04f1b9dc
parentc575770b75b6cd15684fbacd249147bf5fd6ead7 (diff)
core: check protect_kernel_modules and private_devices in order to setup NNP
-rw-r--r--src/core/execute.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index dc078d96f0..71439bc3c2 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2115,6 +2115,8 @@ static bool context_has_no_new_privileges(const ExecContext *c) {
c->memory_deny_write_execute ||
c->restrict_realtime ||
c->protect_kernel_tunables ||
+ c->protect_kernel_modules ||
+ c->private_devices ||
context_has_syscall_filters(c);
}