diff options
Diffstat (limited to 'src/core/unit.c')
| -rw-r--r-- | src/core/unit.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/core/unit.c b/src/core/unit.c index 690f7f7dd9..71f95c0b96 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -3401,6 +3401,9 @@ int unit_patch_contexts(Unit *u) { if (ec->private_devices) ec->capability_bounding_set &= ~(UINT64_C(1) << CAP_MKNOD); + if (ec->protect_kernel_modules) + ec->capability_bounding_set &= ~(UINT64_C(1) << CAP_SYS_MODULE); + if (ec->dynamic_user) { if (!ec->user) { r = user_from_unit_name(u, &ec->user); |