rpms
/
cjdns
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reduce capability set after some testing.

This commit is contained in:
Stuart D. Gathman 2016-08-10 13:57:02 -04:00
parent 35161c4efe
commit b56859af02
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cjdns.sbin.patch
View File

@ -99,7 +99,7 @@ diff -up ./contrib/systemd/cjdns.service.sbin ./contrib/systemd/cjdns.service
ProtectHome=true
ProtectSystem=true
SyslogIdentifier=cjdroute
+CapabilityBoundingSet=CAP_SETPCAP CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SYS_CHROOT CAP_AUDIT_CONTROL
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SYS_CHROOT CAP_AUDIT_CONTROL
ExecStartPre=/bin/sh -ec "if ! test -s /etc/cjdroute.conf; \
then umask 077; \
- /usr/bin/cjdroute --genconf > /etc/cjdroute.conf; \