Code Review / src / app-framework-main.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Revert "afm-unit: Restore removal of capabilities"
[src/app-framework-main.git] / conf / unit / generate-unit-conf / service.inc
diff --git a/conf/unit/generate-unit-conf/service.inc b/conf/unit/generate-unit-conf/service.inc
index 59df916..961a262 100644 (file)
--- a/conf/unit/generate-unit-conf/service.inc
+++ b/conf/unit/generate-unit-conf/service.inc
@@ -70,14 +70,13 @@ SuccessExitStatus=0 SIGKILL
 User=%i
 Slice=user-%i.slice
 
-CapabilityBoundingSet=
+#CapabilityBoundingSet=
 #AmbientCapabilities=
 
 ON_PERM(:platform:no-oom,   OOMScoreAdjust=-500)
 ON_PERM(:partner:real-time, IOSchedulingClass=realtime)
+ON_PERM(:public:display,    SupplementaryGroups=display)
 ON_PERM(:public:syscall:clock, , SystemCallFilter=~@clock)
-#ON_PERM(:public:display,    SupplementaryGroups=display)
-SupplementaryGroups=display
 %nl
 
 WorkingDirectory=-APP_DATA_DIR/{{:id}}
Application Framework main service, maintained by iot.bzh team