core: improve the logic that implies no new privileges

The no_new_privileged_set variable is not used any more since commit 9b232d3241fcfbf60af that fixed another thing. So remove it. Also no need to check if we are under user manager, remove that part too.
author: Djalal Harouni <tixxdz@opendz.org> 2016-11-15 10:15:27 +0100
committer: Djalal Harouni <tixxdz@opendz.org> 2016-11-15 15:04:31 +0100
commit: c92e8afebd6126b4d679ee1a2dc2a5b74a8b49c7 (patch)
tree: 9833d3b39161ae70e3629e74e078247864096957 /src/core/execute.c
parent: 46b6025a8881b50373a3730598c8caa46be537f0 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index f666f7c6ce..04c4e511f4 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2201,7 +2201,8 @@ static bool context_has_no_new_privileges(const ExecContext *c) {
         if (have_effective_cap(CAP_SYS_ADMIN)) /* if we are privileged, we don't need NNP */
                 return false;
 
-        return context_has_address_families(c) || /* we need NNP if we have any form of seccomp and are unprivileged */
+        /* We need NNP if we have any form of seccomp and are unprivileged */
+        return context_has_address_families(c) ||
                 c->memory_deny_write_execute ||
                 c->restrict_realtime ||
                 exec_context_restrict_namespaces_set(c) ||
author	Djalal Harouni <tixxdz@opendz.org>	2016-11-15 10:15:27 +0100
committer	Djalal Harouni <tixxdz@opendz.org>	2016-11-15 15:04:31 +0100
commit	c92e8afebd6126b4d679ee1a2dc2a5b74a8b49c7 (patch)
tree	9833d3b39161ae70e3629e74e078247864096957 /src/core/execute.c
parent	46b6025a8881b50373a3730598c8caa46be537f0 (diff)