From e1e93274a24cdd1aa3b8849fdff6385d5221137c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jos=C3=A9=20Bollo?= Date: Tue, 10 Oct 2017 11:05:36 +0200 Subject: [PATCH] afm-unit.conf: Removes capabilities of applications MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Change-Id: I081e8a8f9ea344d47ae007a4d6c9e72663f82fcf Signed-off-by: José Bollo --- conf/afm-unit-debug.conf.in | 4 ++++ conf/afm-unit.conf.in | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/conf/afm-unit-debug.conf.in b/conf/afm-unit-debug.conf.in index 57f934e..3ebcf1d 100644 --- a/conf/afm-unit-debug.conf.in +++ b/conf/afm-unit-debug.conf.in @@ -131,6 +131,10 @@ SuccessExitStatus=0 SIGKILL PAMName=su User=%i +CapabilityBoundingSet= +AmbientCapabilities= +SecureBits=no-setuid-fixup-locked + {{#required-permission}} {{#urn:AGL:permission::platform:no-oom}} OOMScoreAdjust=-500 {{/urn:AGL:permission::platform:no-oom}} {{#urn:AGL:permission::partner:real-time}} IOSchedulingClass=realtime {{/urn:AGL:permission::partner:real-time}} diff --git a/conf/afm-unit.conf.in b/conf/afm-unit.conf.in index 0432ee3..18de05a 100644 --- a/conf/afm-unit.conf.in +++ b/conf/afm-unit.conf.in @@ -131,6 +131,10 @@ SuccessExitStatus=0 SIGKILL PAMName=su User=%i +CapabilityBoundingSet= +AmbientCapabilities= +SecureBits=no-setuid-fixup-locked + {{#required-permission}} {{#urn:AGL:permission::platform:no-oom}} OOMScoreAdjust=-500 {{/urn:AGL:permission::platform:no-oom}} {{#urn:AGL:permission::partner:real-time}} IOSchedulingClass=realtime {{/urn:AGL:permission::partner:real-time}} -- 2.16.6