core/dbus-execute: do not append denied syscalls in allow-list
author Yu Watanabe <watanabe.yu+github@gmail.com>
Wed, 15 Jun 2022 16:13:58 +0000 (01:13 +0900)
committer Yu Watanabe <watanabe.yu+github@gmail.com>
Fri, 17 Jun 2022 03:19:39 +0000 (12:19 +0900)
commit 8c93ebbdf0e2fd0bc13e26b61581cdecbd805f41
tree a151a1a6793e35ce75bb88bc58412f03ed9e88a6
parent 172cbcdc8b61feffa07b332a871ec33b3215ad59
core/dbus-execute: do not append denied syscalls in allow-list

Follow-up for 68acc1afbe5cec50da1ffdc411dadda504e4caf5.

Before the commit, the SystemCallFilter bus property provides only allowed
syscalls if ExecContext.syscall_filter is an allow-list, and vice versa.

After the commit, if the list is an allow-list, it contains allowed
syscalls with value `-1`, and denied syscalls with non-negative values.

To keep backward compatibility, denied syscalls must be dropped in
the SystemCallFilter bus property.
src/core/dbus-execute.c
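The rule stated in the commit message, as an added sketch that is not systemd's code or the contents of this commit: when the filter is an allow-list, entries with a non-negative value are denied syscalls and are left out of the exported list, so a consumer reading the property as "allowed syscalls" does not see them. `struct filter_entry`, `bus_syscall_names`, `is_listed` and the sample values are hypothetical, and passing a deny-list through unchanged is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for one entry of the filter map (hypothetical type). */
struct filter_entry {
        const char *name;
        int value; /* allow-list: -1 = allowed, non-negative = denied */
};

/* Constructed sample: an allow-list that also carries two denied syscalls. */
static const struct filter_entry sample_filter[] = {
        { "read", -1 }, { "write", -1 }, { "ptrace", 1 },
        { "openat", -1 }, { "mount", 13 },
};
#define SAMPLE_LEN (sizeof(sample_filter) / sizeof(sample_filter[0]))

/* Collect the names to export. Returns how many names qualify;
 * at most out_cap of them are stored in out. */
size_t bus_syscall_names(const struct filter_entry *entries, size_t n,
                         bool allow_list, const char **out, size_t out_cap) {
        size_t count = 0;

        for (size_t i = 0; i < n; i++) {
                /* Denied syscall inside an allow-list: do not export it. */
                if (allow_list && entries[i].value >= 0)
                        continue;
                /* Assumption: a deny-list is exported unchanged; the commit
                 * message only describes the allow-list case. */
                if (count < out_cap)
                        out[count] = entries[i].name;
                count++;
        }
        return count;
}

/* True if name is among the first n exported names. */
bool is_listed(const char **names, size_t n, const char *name) {
        for (size_t i = 0; i < n; i++)
                if (strcmp(names[i], name) == 0)
                        return true;
        return false;
}

int main(void) {
        const char *out[8];
        size_t n = bus_syscall_names(sample_filter, SAMPLE_LEN, true, out, 8);

        for (size_t i = 0; i < n && i < 8; i++)
                printf("%s\n", out[i]);
        return 0;
}
```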