systemd: require CAP_AUDIT_WRITE for NetworkManager service

author Beniamino Galvani <bgalvani@redhat.com>

Fri, 24 Jul 2015 15:08:30 +0000 (17:08 +0200)

committer Beniamino Galvani <bgalvani@redhat.com>

Tue, 4 Aug 2015 07:32:12 +0000 (09:32 +0200)
author Beniamino Galvani <bgalvani@redhat.com>
Fri, 24 Jul 2015 15:08:30 +0000 (17:08 +0200)
committer Beniamino Galvani <bgalvani@redhat.com>
Tue, 4 Aug 2015 07:32:12 +0000 (09:32 +0200)
diff --git a/data/NetworkManager.service.in b/data/NetworkManager.service.in

index 42b43e3..fbaf77d 100644 (file)
--- a/data/NetworkManager.service.in
+++ b/data/NetworkManager.service.in
@@ -11,7 +11,7 @@ ExecStart=@sbindir@/NetworkManager --no-daemon
  Restart=on-failure
  # NM doesn't want systemd to kill its children for it
  KillMode=process
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE
  ProtectSystem=true
  ProtectHome=read-only
author	Beniamino Galvani <bgalvani@redhat.com>
	Fri, 24 Jul 2015 15:08:30 +0000 (17:08 +0200)
committer	Beniamino Galvani <bgalvani@redhat.com>
	Tue, 4 Aug 2015 07:32:12 +0000 (09:32 +0200)