service :set the capabilities

author José Bollo <jose.bollo@iot.bzh>

Thu, 11 Feb 2016 15:41:57 +0000 (16:41 +0100)

committer José Bollo <jose.bollo@iot.bzh>

Thu, 11 Feb 2016 15:41:57 +0000 (16:41 +0100)
author José Bollo <jose.bollo@iot.bzh>
Thu, 11 Feb 2016 15:41:57 +0000 (16:41 +0100)
committer José Bollo <jose.bollo@iot.bzh>
Thu, 11 Feb 2016 15:41:57 +0000 (16:41 +0100)
diff --git a/conf/afm-system-daemon.service b/conf/afm-system-daemon.service

index 80c880f..b14f417 100644 (file)
--- a/conf/afm-system-daemon.service
+++ b/conf/afm-system-daemon.service
@@ -8,6 +8,9 @@ Group=afm
  ExecStart=/usr/bin/afm-system-daemon
  Restart=on-failure
  RestartSec=5
+CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_MAC_OVERRIDE
+SecureBits=keep-caps
+Capabilities=cap_dac_override,cap_mac_override=i
  
  [Install]
  WantedBy=multi-user.target
author	José Bollo <jose.bollo@iot.bzh>
	Thu, 11 Feb 2016 15:41:57 +0000 (16:41 +0100)
committer	José Bollo <jose.bollo@iot.bzh>
	Thu, 11 Feb 2016 15:41:57 +0000 (16:41 +0100)