From 61c6490ce57c1bb687202fcb6db4bfb294eba479 Mon Sep 17 00:00:00 2001
From: José Bollo <jose.bollo@iot.bzh>
Date: Thu, 7 Feb 2019 10:05:29 +0100
Subject: Revert "afm-unit: Restore removal of capabilities"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This reverts commit f2a2f1357a5268b614528feeba0a91f4ea04a7aa.

Change-Id: I9e88c2e339d37141a7f8624c8660808ce80a9fea
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
---
 conf/unit/afm-unit.conf.in | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'conf/unit/afm-unit.conf.in')

diff --git a/conf/unit/afm-unit.conf.in b/conf/unit/afm-unit.conf.in
index 353d83b..50fd957 100644
--- a/conf/unit/afm-unit.conf.in
+++ b/conf/unit/afm-unit.conf.in
@@ -137,13 +137,12 @@ SmackProcessLabel=User::App::{{:id}}
 SuccessExitStatus=0 SIGKILL
 User=%i
 Slice=user-%i.slice
-CapabilityBoundingSet=
+#CapabilityBoundingSet=
 #AmbientCapabilities=
 {{#required-permission.urn:AGL:permission::platform:no-oom}}OOMScoreAdjust=-500{{/required-permission.urn:AGL:permission::platform:no-oom}}
 {{#required-permission.urn:AGL:permission::partner:real-time}}IOSchedulingClass=realtime{{/required-permission.urn:AGL:permission::partner:real-time}}
+{{#required-permission.urn:AGL:permission::public:display}}SupplementaryGroups=display{{/required-permission.urn:AGL:permission::public:display}}
 {{^required-permission.urn:AGL:permission::public:syscall:clock}}SystemCallFilter=~@clock{{/required-permission.urn:AGL:permission::public:syscall:clock}}
-#{{#required-permission.urn:AGL:permission::public:display}}SupplementaryGroups=display{{/required-permission.urn:AGL:permission::public:display}}
-SupplementaryGroups=display
 %nl
 WorkingDirectory=-/home/%i/app-data/{{:id}}
 ExecStartPre=/bin/mkdir -p /home/%i/app-data/{{:id}}
-- 
cgit 1.2.3-korg