core: do not set no_new_privileges flag in config_parse_syscall_filter

If SyscallFilter was set, and subsequently cleared, the no_new_privileges flag
was not reset properly. We don't need to set this flag here, it will be
set automatically in unit_patch_contexts() if syscall_filter is set.

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index a69f60097dde8fe4536adc8e23fafbec861a60e1..9881baf1927cc93f272231f46565f73beb2c1376 100644 (file)
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -2736,11 +2736,6 @@ int config_parse_syscall_filter(
         if (!isempty(state))
                 log_syntax(unit, LOG_ERR, filename, line, 0, "Trailing garbage, ignoring.");
 
-        /* Turn on NNP, but only if it wasn't configured explicitly
-         * before, and only if we are in user mode. */
-        if (!c->no_new_privileges_set && MANAGER_IS_USER(u->manager))
-                c->no_new_privileges = true;
-
         return 0;
 }
 
@@ -3829,7 +3824,7 @@ int config_parse_no_new_privileges(
                 return 0;
         }
 
-        c->no_new_privileges = !!k;
+        c->no_new_privileges = k;
         c->no_new_privileges_set = true;
 
         return 0;