build: Start using CapabilityBoundingSet option from systemd

2019-09-08 20:26:49 +02:00 · 2019-09-08 20:26:49 +02:00 · e6a99f461a
parent 0f21157287
commit e6a99f461a
2 changed files with 2 additions and 0 deletions
--- a/src/iwd.service.in
+++ b/src/iwd.service.in
@ -9,6 +9,7 @@ BusName=net.connman.iwd
 ExecStart=@libexecdir@/iwd
 LimitNPROC=1
 Restart=on-failure
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
 PrivateTmp=true
 NoNewPrivileges=true
 DevicePolicy=closed
--- a/wired/ead.service.in
+++ b/wired/ead.service.in
@ -9,6 +9,7 @@ BusName=net.connman.ead
 ExecStart=@libexecdir@/ead
 LimitNPROC=1
 Restart=on-failure
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
 PrivateTmp=true
 NoNewPrivileges=true
 PrivateDevices=true