systemd: add chroot capability

author Lubomir Rintel <lkundrak@v3.sk>

Fri, 22 Jan 2016 21:11:07 +0000 (22:11 +0100)

committer Lubomir Rintel <lkundrak@v3.sk>

Fri, 22 Jan 2016 21:12:43 +0000 (22:12 +0100)
author Lubomir Rintel <lkundrak@v3.sk>
Fri, 22 Jan 2016 21:11:07 +0000 (22:11 +0100)
committer Lubomir Rintel <lkundrak@v3.sk>
Fri, 22 Jan 2016 21:12:43 +0000 (22:12 +0100)
diff --git a/data/NetworkManager.service.in b/data/NetworkManager.service.in

index ba10eed..ea98b95 100644 (file)
--- a/data/NetworkManager.service.in
+++ b/data/NetworkManager.service.in
@@ -12,7 +12,7 @@ ExecStart=@sbindir@/NetworkManager --no-daemon
  Restart=on-failure
  # NM doesn't want systemd to kill its children for it
  KillMode=process
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
  ProtectSystem=true
  ProtectHome=read-only
author	Lubomir Rintel <lkundrak@v3.sk>
	Fri, 22 Jan 2016 21:11:07 +0000 (22:11 +0100)
committer	Lubomir Rintel <lkundrak@v3.sk>
	Fri, 22 Jan 2016 21:12:43 +0000 (22:12 +0100)