diff options
author | Djalal Harouni <tixxdz@opendz.org> | 2016-11-15 10:15:27 +0100 |
---|---|---|
committer | Djalal Harouni <tixxdz@opendz.org> | 2016-11-15 15:04:31 +0100 |
commit | c92e8afebd6126b4d679ee1a2dc2a5b74a8b49c7 (patch) | |
tree | 9833d3b39161ae70e3629e74e078247864096957 /src/core/unit.c | |
parent | 46b6025a8881b50373a3730598c8caa46be537f0 (diff) |
core: improve the logic that implies no new privileges
The no_new_privileged_set variable is not used any more since commit
9b232d3241fcfbf60af that fixed another thing. So remove it. Also no
need to check if we are under user manager, remove that part too.
Diffstat (limited to 'src/core/unit.c')
-rw-r--r-- | src/core/unit.c | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/src/core/unit.c b/src/core/unit.c index bba0f5d357..da9bb58a52 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -3429,14 +3429,6 @@ int unit_patch_contexts(Unit *u) { ec->working_directory_missing_ok = true; } - if (MANAGER_IS_USER(u->manager) && - (ec->syscall_whitelist || - !set_isempty(ec->syscall_filter) || - !set_isempty(ec->syscall_archs) || - ec->address_families_whitelist || - !set_isempty(ec->address_families))) - ec->no_new_privileges = true; - if (ec->private_devices) ec->capability_bounding_set &= ~((UINT64_C(1) << CAP_MKNOD) | (UINT64_C(1) << CAP_SYS_RAWIO)); |