From 0538d2a8113fefb577d74c87178ae67cd767c3d4 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 8 Mar 2021 10:37:43 +0900
Subject: [PATCH] core/execute: sort conditions to make them match
 documentation

---
 src/core/execute.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/core/execute.c b/src/core/execute.c
index 158172bd263..35aea2f8301 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1430,21 +1430,21 @@ static bool context_has_no_new_privileges(const ExecContext *c) {
                 return false;
 
         /* We need NNP if we have any form of seccomp and are unprivileged */
-        return context_has_address_families(c) ||
+        return c->lock_personality ||
                 c->memory_deny_write_execute ||
-                c->restrict_realtime ||
-                c->restrict_suid_sgid ||
-                exec_context_restrict_namespaces_set(c) ||
+                c->private_devices ||
                 c->protect_clock ||
+                c->protect_hostname ||
                 c->protect_kernel_tunables ||
                 c->protect_kernel_modules ||
                 c->protect_kernel_logs ||
-                c->private_devices ||
-                context_has_syscall_filters(c) ||
-                context_has_syscall_logs(c) ||
+                context_has_address_families(c) ||
+                exec_context_restrict_namespaces_set(c) ||
+                c->restrict_realtime ||
+                c->restrict_suid_sgid ||
                 !set_isempty(c->syscall_archs) ||
-                c->lock_personality ||
-                c->protect_hostname;
+                context_has_syscall_filters(c) ||
+                context_has_syscall_logs(c);
 }
 
 static bool exec_context_has_credentials(const ExecContext *context) {
-- 
2.47.3