From fce7cd888063b5fffcde071914e717c7c914fa6e Mon Sep 17 00:00:00 2001 From: José Bollo Date: Wed, 12 Oct 2016 10:34:20 +0200 Subject: Refactor of service for systemd 229 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since introduction of ambient capabilities, systemd deprecated the use of Capabilities. With systemd 229 activated with krogoth, the use of Capabilities does nothing. This commits avoids to use SecureBits and Capabilities. It now relies on the fact that post installations are setting the capabilities to the file: - setcap cap_mac_override,cap_dac_override=ep afm-system-daemon - setcap cap_mac_override,cap_mac_admin,cap_setgid=ep afm-user-daemon Using p (permitted) instead of i (inherited) that was previously used. Change-Id: I17d51da07adf775d47a7f44551d8b8ebbc6eacb9 Signed-off-by: José Bollo --- conf/afm-system-daemon.service | 2 -- 1 file changed, 2 deletions(-) (limited to 'conf/afm-system-daemon.service') diff --git a/conf/afm-system-daemon.service b/conf/afm-system-daemon.service index b14f417..77e1f1b 100644 --- a/conf/afm-system-daemon.service +++ b/conf/afm-system-daemon.service @@ -9,8 +9,6 @@ ExecStart=/usr/bin/afm-system-daemon Restart=on-failure RestartSec=5 CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_MAC_OVERRIDE -SecureBits=keep-caps -Capabilities=cap_dac_override,cap_mac_override=i [Install] WantedBy=multi-user.target -- cgit 1.2.3-korg