summaryrefslogtreecommitdiffstats
path: root/conf/unit/generate-unit-conf/service.inc
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2019-02-07 10:05:29 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2019-02-07 10:06:34 +0100
commit61c6490ce57c1bb687202fcb6db4bfb294eba479 (patch)
tree3094c3d560ad08354c0ab9c8b2b457bff4fff3fd /conf/unit/generate-unit-conf/service.inc
parent8e5fc40306a5698c43079ff048155a9811eec062 (diff)
Revert "afm-unit: Restore removal of capabilities"
This reverts commit f2a2f1357a5268b614528feeba0a91f4ea04a7aa. Change-Id: I9e88c2e339d37141a7f8624c8660808ce80a9fea Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'conf/unit/generate-unit-conf/service.inc')
-rw-r--r--conf/unit/generate-unit-conf/service.inc5
1 files changed, 2 insertions, 3 deletions
diff --git a/conf/unit/generate-unit-conf/service.inc b/conf/unit/generate-unit-conf/service.inc
index 59df916..961a262 100644
--- a/conf/unit/generate-unit-conf/service.inc
+++ b/conf/unit/generate-unit-conf/service.inc
@@ -70,14 +70,13 @@ SuccessExitStatus=0 SIGKILL
User=%i
Slice=user-%i.slice
-CapabilityBoundingSet=
+#CapabilityBoundingSet=
#AmbientCapabilities=
ON_PERM(:platform:no-oom, OOMScoreAdjust=-500)
ON_PERM(:partner:real-time, IOSchedulingClass=realtime)
+ON_PERM(:public:display, SupplementaryGroups=display)
ON_PERM(:public:syscall:clock, , SystemCallFilter=~@clock)
-#ON_PERM(:public:display, SupplementaryGroups=display)
-SupplementaryGroups=display
%nl
WorkingDirectory=-APP_DATA_DIR/{{:id}}