fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-05-08 11:19:16 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

service: don't give CAP_DAC_OVERRIDE capability to NetworkManager (2)

Browse source 
TEST-ONLY: check what breaks in NM-CI when doing this.

This reverts commit 4d66d6c7a1 ('Revert "service: don't give
CAP_DAC_OVERRIDE capability to NetworkManager"')
This commit is contained in:
Thomas Haller 2022-03-18 13:42:28 +01:00
parent b3192d2d46
commit 7a9c205bbe
No known key found for this signature in database
GPG key ID: 29C2366E4DFC5728
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
data/NetworkManager.service.in
View file

@ -15,8 +15,7 @@ Restart=on-failure
# NM doesn't want systemd to kill its children for it # NM doesn't want systemd to kill its children for it
KillMode=process KillMode=process
# CAP_DAC_OVERRIDE: required to open /run/openvswitch/db.sock socket. CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
ProtectSystem=true ProtectSystem=true
ProtectHome=read-only ProtectHome=read-only