From d3cf48f4bd3d69a276f17aa7c910e0b35215caba Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Sun, 1 Jun 2014 09:12:00 +0200
Subject: networkd: run as unpriviliged "systemd-network" user

This allows us to run networkd mostly unpriviliged with the exception of CAP_NET_* and CAP_SYS_MODULE. I'd really like to get rid of the latter though...
---
 units/systemd-networkd.service.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'units/systemd-networkd.service.in')

diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
index 40ec90ef85..33c3fca488 100644
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@@ -19,7 +19,7 @@ Type=notify
 Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-networkd
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_MODULE
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_MODULE CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
 WatchdogSec=1min
 
 [Install]
-- 
cgit v1.2.3-54-g00ecf
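Review bot: The six capabilities added to `CapabilityBoundingSet=` (CAP_SETUID, CAP_SETGID, CAP_SETPCAP, CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_FOWNER) raise the unit-level ceiling for the whole lifetime of the service, and nothing in the unit records that they are presumably needed only for the startup switch to the systemd-network user. The code that performs that switch is not part of this view, so it is worth confirming that it also removes these six from the bounding set and not only from the permitted and effective sets. Otherwise the unit no longer prevents a later exec of a setuid or file-capability binary from regaining them. I would add a comment above the line, for example `# CAP_SETUID..CAP_FOWNER are only needed until networkd drops to the systemd-network user at startup`, and consider `NoNewPrivileges=yes` if networkd never needs to exec a more privileged helper.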