Revert "Remove the NoNewPrivileges because it breaks the ability to open socket"

Selinux-policy has allowed init_t nnp domain transition to gssproxy_t in the commit 95d5f5e.
Now it is ok to enable NoNewPrivileges for gssproxy.service.

Signed-off-by: yixiangzhike <[email protected]>

Author: yixiangzhike

systemd/gssproxy.service.in

@@ -54,10 +54,7 @@ PrivateMounts=yes
 SystemCallFilter=@system-service
 SystemCallErrorNumber=EPERM
 SystemCallArchitectures=native
-# NoNewPrivileges=yes
-# NoNewPrivileges: If it is true, it breaks the ability
-#   to open a socket under /var/lib/gssproxy when selinux enabled.
-#   So it is commented out here.
+NoNewPrivileges=yes
 CapabilityBoundingSet=CAP_DAC_OVERRIDE
 IPAddressDeny=any
 UMask=0177