authorJosé Bollo <jose.bollo@iot.bzh>2016-10-12 10:34:20 +0200
committerJosé Bollo <jose.bollo@iot.bzh>2016-10-14 13:09:51 +0200
commitfce7cd888063b5fffcde071914e717c7c914fa6e (patch)
tree5a6138cf9d06cb2db9c6bc49e481121020f290b5
parent970a20a55d3a7dba32360ce596e61a2b32c9f4ee (diff)
Refactor of service for systemd 229
Since the introduction of ambient capabilities, systemd deprecated the use of Capabilities. With systemd 229 activated with krogoth, the use of Capabilities does nothing. This commit avoids using SecureBits and Capabilities. It now relies on the fact that post installations are setting the capabilities on the file: - setcap cap_mac_override,cap_dac_override=ep afm-system-daemon - setcap cap_mac_override,cap_mac_admin,cap_setgid=ep afm-user-daemon Using p (permitted) instead of i (inherited) that was previously used. Change-Id: I17d51da07adf775d47a7f44551d8b8ebbc6eacb9 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r--conf/afm-system-daemon.service2
-rw-r--r--conf/afm-user-daemon.service1
2 files changed, 1 insertions, 2 deletions
diff --git a/conf/afm-system-daemon.service b/conf/afm-system-daemon.service
index b14f417..77e1f1b 100644
--- a/conf/afm-system-daemon.service
+++ b/conf/afm-system-daemon.service
@@ -9,8 +9,6 @@ ExecStart=/usr/bin/afm-system-daemon
Restart=on-failure
RestartSec=5
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_MAC_OVERRIDE
-SecureBits=keep-caps
-Capabilities=cap_dac_override,cap_mac_override=i
[Install]
WantedBy=multi-user.target
diff --git a/conf/afm-user-daemon.service b/conf/afm-user-daemon.service
index d418e8c..c77ef6e 100644
--- a/conf/afm-user-daemon.service
+++ b/conf/afm-user-daemon.service
@@ -5,6 +5,7 @@ Description=Application Framework Master, User side
Type=dbus
BusName=org.AGL.afm.user
ExecStart=/usr/bin/afm-user-daemon
+CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_MAC_ADMIN CAP_SETGID
Environment=LD_PRELOAD=/usr/lib/libEGL.so
Restart=on-failure
RestartSec=5
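Review bot: The bounding set added for afm-user-daemon does not match the file capabilities named in the commit message: the message applies `cap_mac_override,cap_mac_admin,cap_setgid=ep`, but the new line allows CAP_DAC_OVERRIDE and omits CAP_MAC_OVERRIDE. File permitted capabilities are masked by the bounding set at exec, so CAP_MAC_OVERRIDE would not be acquired, and because the file's effective bit is set the kernel may refuse the exec with EPERM. CAP_DAC_OVERRIDE, meanwhile, stays in the bound without a stated need. If the setcap line in the message is the intent, the line should read `CapabilityBoundingSet=CAP_MAC_OVERRIDE CAP_MAC_ADMIN CAP_SETGID`; otherwise the post-install setcap call should be corrected so the two agree. The unit's remaining sections lie outside the hunk.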