afm-unit.conf: Removes capabilities of applications

author José Bollo <jose.bollo@iot.bzh>

Tue, 10 Oct 2017 09:05:36 +0000 (11:05 +0200)

committer José Bollo <jose.bollo@iot.bzh>

Fri, 24 Nov 2017 16:44:57 +0000 (17:44 +0100)
author José Bollo <jose.bollo@iot.bzh>
Tue, 10 Oct 2017 09:05:36 +0000 (11:05 +0200)
committer José Bollo <jose.bollo@iot.bzh>
Fri, 24 Nov 2017 16:44:57 +0000 (17:44 +0100)
diff --git a/conf/afm-unit-debug.conf.in b/conf/afm-unit-debug.conf.in

index 57f934e..3ebcf1d 100644 (file)
--- a/conf/afm-unit-debug.conf.in
+++ b/conf/afm-unit-debug.conf.in
@@ -131,6 +131,10 @@ SuccessExitStatus=0 SIGKILL
  PAMName=su
  User=%i
  
+CapabilityBoundingSet=
+AmbientCapabilities=
+SecureBits=no-setuid-fixup-locked
+
  {{#required-permission}}
    {{#urn:AGL:permission::platform:no-oom}}      OOMScoreAdjust=-500             {{/urn:AGL:permission::platform:no-oom}}
    {{#urn:AGL:permission::partner:real-time}}    IOSchedulingClass=realtime      {{/urn:AGL:permission::partner:real-time}}
diff --git a/conf/afm-unit.conf.in b/conf/afm-unit.conf.in

index 0432ee3..18de05a 100644 (file)
--- a/conf/afm-unit.conf.in
+++ b/conf/afm-unit.conf.in
@@ -131,6 +131,10 @@ SuccessExitStatus=0 SIGKILL
  PAMName=su
  User=%i
  
+CapabilityBoundingSet=
+AmbientCapabilities=
+SecureBits=no-setuid-fixup-locked
+
  {{#required-permission}}
    {{#urn:AGL:permission::platform:no-oom}}      OOMScoreAdjust=-500             {{/urn:AGL:permission::platform:no-oom}}
    {{#urn:AGL:permission::partner:real-time}}    IOSchedulingClass=realtime      {{/urn:AGL:permission::partner:real-time}}
author	José Bollo <jose.bollo@iot.bzh>
	Tue, 10 Oct 2017 09:05:36 +0000 (11:05 +0200)
committer	José Bollo <jose.bollo@iot.bzh>
	Fri, 24 Nov 2017 16:44:57 +0000 (17:44 +0100)
conf/afm-unit-debug.conf.in		patch \| blob \| history
conf/afm-unit.conf.in		patch \| blob \| history