mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-28 18:03:04 +00:00
cjdns service: allow daemon to drop privileges
The service can run certain components with reduced privileges, but for that it needs the setuid capability.
parent
a0338afe5f
commit
2628597e76
@ -258,8 +258,7 @@ in
|
|||||||
Restart = "always";
|
Restart = "always";
|
||||||
StartLimitInterval = 0;
|
StartLimitInterval = 0;
|
||||||
RestartSec = 1;
|
RestartSec = 1;
|
||||||
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW";
|
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID";
|
||||||
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_RAW";
|
|
||||||
ProtectSystem = true;
|
ProtectSystem = true;
|
||||||
MemoryDenyWriteExecute = true;
|
MemoryDenyWriteExecute = true;
|
||||||
ProtectHome = true;
|
ProtectHome = true;
|
||||||
|
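Review bot: The new `CapabilityBoundingSet` line admits `CAP_SETUID` but not `CAP_SETGID`, so a privilege drop in the daemon can change only its user ID; any `setgid()`/`setgroups()` call would fail with EPERM and the reduced-privilege components would keep the service's original group and supplementary groups. Whether the daemon changes its group is not visible here and should be confirmed against its privilege-drop code; if it does, the line would read `CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID CAP_SETGID";`. The removal of `AmbientCapabilities` is not explained in the commit description, and the unit only keeps its network capabilities without it if it starts as root, which this hunk does not show. A short comment above the line, such as `# CAP_SETUID lets the daemon switch to an unprivileged user after start-up`, would record why the bounding set is wider than the two network capabilities. The enclosing attribute set starts and ends outside the hunk.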