cjdns service: allow daemon to drop privileges

The service can run certain components with reduced privileges, but for
that it needs the setuid capability.
Joachim Fasting 2017-02-05 04:46:58 +01:00
parent a0338afe5f
commit 2628597e76
No known key found for this signature in database
GPG Key ID: 7544761007FE4E08


@ -258,8 +258,7 @@ in
Restart = "always"; Restart = "always";
StartLimitInterval = 0; StartLimitInterval = 0;
RestartSec = 1; RestartSec = 1;
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW"; CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID";
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_RAW";
ProtectSystem = true; ProtectSystem = true;
MemoryDenyWriteExecute = true; MemoryDenyWriteExecute = true;
ProtectHome = true; ProtectHome = true;
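Review bot: The new `CapabilityBoundingSet` grants `CAP_SETUID` but not `CAP_SETGID`, so any group change or supplementary-group reset the daemon attempts while dropping privileges would be denied, and the reduced-privilege component could keep root's group memberships. Whether cjdns makes those calls is not visible here and should be confirmed before deciding whether to add `CAP_SETGID`. The same hunk removes `AmbientCapabilities`, which is only harmless if the unit starts as root; no `User=` setting is visible in this hunk, and the enclosing attribute set starts and ends outside it. A short comment above the line would record why the bounding set was widened, e.g. `# CAP_SETUID: needed so the daemon can run components with reduced privileges`.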