chiark / gitweb /
~ianmdlvl / elogind.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 37c47eb)
main: don't set no_new_privs when using SystemCallArchitectures= system-wide
authorLennart Poettering <lennart@poettering.net>
Mon, 17 Feb 2014 00:14:14 +0000 (01:14 +0100)
committerLennart Poettering <lennart@poettering.net>
Mon, 17 Feb 2014 14:49:21 +0000 (15:49 +0100)
After all, we want to allow userspace to get new privs...

src/core/main.c patch | blob | history

diff --git a/src/core/main.c b/src/core/main.c
index ed64dd167b924de9b639299f36e1a40d57898ffa..b5bb3f6805d77285651a852daba58679dac76639 100644 (file)
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1191,6 +1191,12 @@ static int enforce_syscall_archs(Set *archs) {
                 }
         }
 
+        r = seccomp_attr_set(seccomp, SCMP_FLTATR_CTL_NNP, 0);
+        if (r < 0) {
+                log_error("Failed to unset NO_NEW_PRIVS: %s", strerror(-r));
+                goto finish;
+        }
+
         r = seccomp_load(seccomp);
         if (r < 0)
                 log_error("Failed to add install architecture seccomp: %s", strerror(-r));
Unnamed repository; edit this file 'description' to name the repository.