projects / platform / upstream / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c575770)
core: check protect_kernel_modules and private_devices in order to setup NNP
authorDjalal Harouni <tixxdz@opendz.org>
Sun, 9 Oct 2016 10:28:25 +0000 (12:28 +0200)
committerDjalal Harouni <tixxdz@opendz.org>
Wed, 12 Oct 2016 12:12:07 +0000 (14:12 +0200)
src/core/execute.c patch | blob | history

diff --git a/src/core/execute.c b/src/core/execute.c
index dc078d9..71439bc 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -2115,6 +2115,8 @@ static bool context_has_no_new_privileges(const ExecContext *c) {
                 c->memory_deny_write_execute ||
                 c->restrict_realtime ||
                 c->protect_kernel_tunables ||
+                c->protect_kernel_modules ||
+                c->private_devices ||
                 context_has_syscall_filters(c);
 }
 
Domain: System / System Framework;