main: don't set no_new_privs when using SystemCallArchitectures= system-wide

[elogind.git] / src / core / main.c

diff --git a/src/core/main.c b/src/core/main.c
index ed64dd167b924de9b639299f36e1a40d57898ffa..b5bb3f6805d77285651a852daba58679dac76639 100644 (file)
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1191,6 +1191,12 @@ static int enforce_syscall_archs(Set *archs) {
                 }
         }
 
+        r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
+        if (r < 0) {
+                log_error("Failed to unset NO_NEW_PRIVS: %s", strerror(-r));
+                goto finish;
+        }
+
         r = seccomp_load(seccomp);
         if (r < 0)
                 log_error("Failed to add install architecture seccomp: %s", strerror(-r));