afm-unit.conf: Removes capabilities of applications

Change-Id: I081e8a8f9ea344d47ae007a4d6c9e72663f82fcf Signed-off-by: José Bollo <jose.bollo@iot.bzh>
author: José Bollo <jose.bollo@iot.bzh> 2017-10-10 11:05:36 +0200
committer: José Bollo <jose.bollo@iot.bzh> 2017-11-24 17:44:57 +0100
commit: e1e93274a24cdd1aa3b8849fdff6385d5221137c (patch)
tree: c527c58463a101313e897ce06c2538251b950c88 /conf
parent: 5d7e7dc483a98a31323079953f548648a2c53cda (diff)
2 files changed, 8 insertions, 0 deletions
diff --git a/conf/afm-unit-debug.conf.in b/conf/afm-unit-debug.conf.in
index 57f934e..3ebcf1d 100644
--- a/conf/afm-unit-debug.conf.in
+++ b/conf/afm-unit-debug.conf.in
@@ -131,6 +131,10 @@ SuccessExitStatus=0 SIGKILL
 PAMName=su
 User=%i
 
+CapabilityBoundingSet=
+AmbientCapabilities=
+SecureBits=no-setuid-fixup-locked
+
 {{#required-permission}}
   {{#urn:AGL:permission::platform:no-oom}}      OOMScoreAdjust=-500             {{/urn:AGL:permission::platform:no-oom}}
   {{#urn:AGL:permission::partner:real-time}}    IOSchedulingClass=realtime      {{/urn:AGL:permission::partner:real-time}}
diff --git a/conf/afm-unit.conf.in b/conf/afm-unit.conf.in
index 0432ee3..18de05a 100644
--- a/conf/afm-unit.conf.in
+++ b/conf/afm-unit.conf.in
@@ -131,6 +131,10 @@ SuccessExitStatus=0 SIGKILL
 PAMName=su
 User=%i
 
+CapabilityBoundingSet=
+AmbientCapabilities=
+SecureBits=no-setuid-fixup-locked
+
 {{#required-permission}}
   {{#urn:AGL:permission::platform:no-oom}}      OOMScoreAdjust=-500             {{/urn:AGL:permission::platform:no-oom}}
   {{#urn:AGL:permission::partner:real-time}}    IOSchedulingClass=realtime      {{/urn:AGL:permission::partner:real-time}}
author	José Bollo <jose.bollo@iot.bzh>	2017-10-10 11:05:36 +0200
committer	José Bollo <jose.bollo@iot.bzh>	2017-11-24 17:44:57 +0100
commit	e1e93274a24cdd1aa3b8849fdff6385d5221137c (patch)
tree	c527c58463a101313e897ce06c2538251b950c88 /conf
parent	5d7e7dc483a98a31323079953f548648a2c53cda (diff)