From: José Bollo <jose.bollo@iot.bzh>
Date: Tue, 10 Oct 2017 09:05:36 +0000 (+0200)
Subject: afm-unit.conf: Removes capabilities of applications
X-Git-Tag: flounder_5.99.1~64
X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?p=src%2Fapp-framework-main.git;a=commitdiff_plain;h=e1e93274a24cdd1aa3b8849fdff6385d5221137c

afm-unit.conf: Removes capabilities of applications

Change-Id: I081e8a8f9ea344d47ae007a4d6c9e72663f82fcf
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
---

diff --git a/conf/afm-unit-debug.conf.in b/conf/afm-unit-debug.conf.in
index 57f934e..3ebcf1d 100644
--- a/conf/afm-unit-debug.conf.in
+++ b/conf/afm-unit-debug.conf.in
@@ -131,6 +131,10 @@ SuccessExitStatus=0 SIGKILL
 PAMName=su
 User=%i
 
+CapabilityBoundingSet=
+AmbientCapabilities=
+SecureBits=no-setuid-fixup-locked
+
 {{#required-permission}}
   {{#urn:AGL:permission::platform:no-oom}}      OOMScoreAdjust=-500             {{/urn:AGL:permission::platform:no-oom}}
   {{#urn:AGL:permission::partner:real-time}}    IOSchedulingClass=realtime      {{/urn:AGL:permission::partner:real-time}}
diff --git a/conf/afm-unit.conf.in b/conf/afm-unit.conf.in
index 0432ee3..18de05a 100644
--- a/conf/afm-unit.conf.in
+++ b/conf/afm-unit.conf.in
@@ -131,6 +131,10 @@ SuccessExitStatus=0 SIGKILL
 PAMName=su
 User=%i
 
+CapabilityBoundingSet=
+AmbientCapabilities=
+SecureBits=no-setuid-fixup-locked
+
 {{#required-permission}}
   {{#urn:AGL:permission::platform:no-oom}}      OOMScoreAdjust=-500             {{/urn:AGL:permission::platform:no-oom}}
   {{#urn:AGL:permission::partner:real-time}}    IOSchedulingClass=realtime      {{/urn:AGL:permission::partner:real-time}}