From 5381ad1bd7693a6681f00bef093241f13e3a2c4f Mon Sep 17 00:00:00 2001
|
|
From: Lukas Slebodnik <lslebodn@redhat.com>
|
|
Date: Mon, 12 Dec 2016 21:56:16 +0100
|
|
Subject: [PATCH] SYSTEMD: Use capabilities
|
|
|
|
copied from selinux policy
|
|
---
|
|
src/sysv/systemd/sssd.service.in | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in
|
|
index 05cfd3705084dbff8b46fb07e736612612c58b70..e7bbbdb5093f52e4b71e3c85a9082192013385e8 100644
|
|
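--- a/src/sysv/systemd/sssd.service.in
+++ b/src/sysv/systemd/sssd.service.in
@@ -9,6 +9,7 @@ EnvironmentFile=-@environment_file@
 ExecStart=@sbindir@/sssd -i -f
 Type=notify
 NotifyAccess=main
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_KILL CAP_NET_ADMIN CAP_SYS_NICE CAP_FOWNER CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND
 
 [Install]
 WantedBy=multi-user.target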
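Review bot: The bounding set added after `NotifyAccess=main` still contains `CAP_SYS_ADMIN`, `CAP_DAC_OVERRIDE`, `CAP_SETUID` and `CAP_SETGID`, so a compromised sssd process running as root keeps most of root's power and the directive confines far less than the length of the list suggests. The commit message says the list was copied from the SELinux policy, where each capability is additionally limited by type enforcement; in the unit file nothing else limits them, so each entry is worth checking against what sssd and the child processes that inherit the set actually use, presumably starting with `CAP_SYS_ADMIN`, `CAP_NET_ADMIN` and `CAP_BLOCK_SUSPEND`. The line also carries no explanation, so I would add a comment on the line above it such as `# Mirrors the capabilities the SELinux policy allows sssd; a capability missing here fails with EPERM in sssd and every child it spawns`.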
|
|
--
|
|
2.11.0
|
|
|