core: do not set no_new_privileges flag in config_parse_syscall_filter

If SyscallFilter was set, and subsequently cleared, the no_new_privileges flag was not reset properly. We don't need to set this flag here, it will be set automatically in unit_patch_contexts() if syscall_filter is set.
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2016-10-22 23:28:46 -0400
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2016-10-22 23:42:34 -0400
commit: 9b232d3241fcfbf60affab69fa51213e36133db5 (patch)
tree: 85c6f6baccb170f3ab5109968a21a0b588271135
parent: 863a5610c7336829d76252375dbe361fd6813a7c (diff)
1 files changed, 1 insertions, 6 deletions
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index a69f60097d..9881baf192 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -2736,11 +2736,6 @@ int config_parse_syscall_filter(
         if (!isempty(state))
                 log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring.");
 
-        /* Turn on NNP, but only if it wasn't configured explicitly
-         * before, and only if we are in user mode. */
-        if (!c->no_new_privileges_set && MANAGER_IS_USER(u->manager))
-                c->no_new_privileges = true;
-
         return 0;
 }
 
@@ -3829,7 +3824,7 @@ int config_parse_no_new_privileges(
                 return 0;
         }
 
-        c->no_new_privileges = !!k;
+        c->no_new_privileges = k;
         c->no_new_privileges_set = true;
 
         return 0;
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2016-10-22 23:28:46 -0400
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2016-10-22 23:42:34 -0400
commit	9b232d3241fcfbf60affab69fa51213e36133db5 (patch)
tree	85c6f6baccb170f3ab5109968a21a0b588271135
parent	863a5610c7336829d76252375dbe361fd6813a7c (diff)