From 4084e8fc8947566092fd4ee5a07405570fdbf84d Mon Sep 17 00:00:00 2001
From: Djalal Harouni <tixxdz@opendz.org>
Date: Sun, 9 Oct 2016 12:28:25 +0200
Subject: core: check protect_kernel_modules and private_devices in order to
 setup NNP

---
 src/core/execute.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src')

diff --git a/src/core/execute.c b/src/core/execute.c
index dc078d96f0..71439bc3c2 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2115,6 +2115,8 @@ static bool context_has_no_new_privileges(const ExecContext *c) {
                 c->memory_deny_write_execute ||
                 c->restrict_realtime ||
                 c->protect_kernel_tunables ||
+                c->protect_kernel_modules ||
+                c->private_devices ||
                 context_has_syscall_filters(c);
 }
 
-- 
cgit v1.2.3-54-g00ecf