Merge pull request #4658 from endocode/djalal/sandbox-various-fixes-v1

core: improve the logic that implies no new privileges and documentation fixes
author: Djalal Harouni <tixxdz@opendz.org> 2016-11-15 20:45:27 +0100
committer: GitHub <noreply@github.com> 2016-11-15 20:45:27 +0100
commit: afc402b76a4520997a7c831a943be75e3072b301 (patch)
tree: 0ebe0b88cb1c755e5cd49cb169b23f494b99a3a8 /src/core/unit.c
parent: 22f1f8f24cc845dbb953535e93d69f06aa69712f (diff)
parent: 73186d534b1d4a8c217cf102ffd837d8e61a7e42 (diff)
1 files changed, 0 insertions, 8 deletions
diff --git a/src/core/unit.c b/src/core/unit.c
index bba0f5d357..da9bb58a52 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3429,14 +3429,6 @@ int unit_patch_contexts(Unit *u) {
                         ec->working_directory_missing_ok = true;
                 }
 
-                if (MANAGER_IS_USER(u->manager) &&
-                    (ec->syscall_whitelist ||
-                     !set_isempty(ec->syscall_filter) ||
-                     !set_isempty(ec->syscall_archs) ||
-                     ec->address_families_whitelist ||
-                     !set_isempty(ec->address_families)))
-                        ec->no_new_privileges = true;
-
                 if (ec->private_devices)
                         ec->capability_bounding_set &= ~((UINT64_C(1) << CAP_MKNOD) | (UINT64_C(1) << CAP_SYS_RAWIO));
author	Djalal Harouni <tixxdz@opendz.org>	2016-11-15 20:45:27 +0100
committer	GitHub <noreply@github.com>	2016-11-15 20:45:27 +0100
commit	afc402b76a4520997a7c831a943be75e3072b301 (patch)
tree	0ebe0b88cb1c755e5cd49cb169b23f494b99a3a8 /src/core/unit.c
parent	22f1f8f24cc845dbb953535e93d69f06aa69712f (diff)
parent	73186d534b1d4a8c217cf102ffd837d8e61a7e42 (diff)