From e6a99f461a2f23595d3e34a83ea1350c66d64570 Mon Sep 17 00:00:00 2001
From: Marcel Holtmann
Date: Sun, 8 Sep 2019 20:26:49 +0200
Subject: [PATCH] build: Start using CapabilityBoundingSet option from systemd
---
 src/iwd.service.in | 1 +
 wired/ead.service.in | 1 +
 2 files changed, 2 insertions(+)
diff --git a/src/iwd.service.in b/src/iwd.service.in
index 9b0158b5..d7a30931 100644
--- a/src/iwd.service.in
+++ b/src/iwd.service.in
@@ -9,6 +9,7 @@ BusName=net.connman.iwd
 ExecStart=@libexecdir@/iwd
 LimitNPROC=1
 Restart=on-failure
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
 PrivateTmp=true
 NoNewPrivileges=true
 DevicePolicy=closed
diff --git a/wired/ead.service.in b/wired/ead.service.in
index 95397dcf..fe71aa94 100644
--- a/wired/ead.service.in
+++ b/wired/ead.service.in
@@ -9,6 +9,7 @@ BusName=net.connman.ead
 ExecStart=@libexecdir@/ead
 LimitNPROC=1
 Restart=on-failure
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
 PrivateTmp=true
 NoNewPrivileges=true
 PrivateDevices=true
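Review bot: The added `CapabilityBoundingSet=` line in src/iwd.service.in has no comment saying why each capability is on the allowlist, and the same holds for the identical line added to wired/ead.service.in. The bounding set is a hard ceiling, so a later feature that needs another capability will fail with a permission error at runtime, and maintainers need to know what each entry is for. A line above it such as `# CAP_NET_ADMIN for netlink configuration, CAP_NET_RAW for raw/packet sockets` would do, though those purposes are my reading of what such a daemon needs and should be confirmed against the code. The [Service] section starts outside the hunk, so whether `User=` is set cannot be seen here; if the daemon runs as root, this line only strips the other capabilities and the two listed stay fully effective. Running `systemd-analyze security` on the installed unit shows what exposure remains.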
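Review bot: The bounding set added to wired/ead.service.in is the same two capabilities as for iwd, which looks copied rather than derived from what ead itself needs. If the wired authenticator only sends and receives frames on packet sockets and never reconfigures interfaces, `CapabilityBoundingSet=CAP_NET_RAW` would be the tighter ceiling. That is an inference, since the daemon's code is not part of this patch. CAP_NET_ADMIN is broad, covering interface, routing and firewall configuration, so it is worth dropping from any unit that does not require it.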