Code Review
/
src
/
app-framework-main.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
Revert "afm-unit: Restore removal of capabilities"
[src/app-framework-main.git]
/
conf
/
unit
/
generate-unit-conf
/
service.inc
diff --git
a/conf/unit/generate-unit-conf/service.inc
b/conf/unit/generate-unit-conf/service.inc
index
59df916
..
961a262
100644
(file)
--- a/
conf/unit/generate-unit-conf/service.inc
+++ b/
conf/unit/generate-unit-conf/service.inc
@@
-70,14
+70,13
@@
SuccessExitStatus=0 SIGKILL
User=%i
Slice=user-%i.slice
User=%i
Slice=user-%i.slice
-CapabilityBoundingSet=
+
#
CapabilityBoundingSet=
#AmbientCapabilities=
ON_PERM(:platform:no-oom, OOMScoreAdjust=-500)
ON_PERM(:partner:real-time, IOSchedulingClass=realtime)
#AmbientCapabilities=
ON_PERM(:platform:no-oom, OOMScoreAdjust=-500)
ON_PERM(:partner:real-time, IOSchedulingClass=realtime)
+ON_PERM(:public:display, SupplementaryGroups=display)
ON_PERM(:public:syscall:clock, , SystemCallFilter=~@clock)
ON_PERM(:public:syscall:clock, , SystemCallFilter=~@clock)
-#ON_PERM(:public:display, SupplementaryGroups=display)
-SupplementaryGroups=display
%nl
WorkingDirectory=-APP_DATA_DIR/{{:id}}
%nl
WorkingDirectory=-APP_DATA_DIR/{{:id}}