iwd.service: Add CAP_NET_BIND_SERVICE

This fixes an issue where the udp port was not being opened due to a permission denied error. The result of this was the dhcp client would fail to send the renewal request and so the dhcp lease would expire. The addition of the CAP_NET_BIND_SERVICE capability allows the service to open sockets in the restricted port range (<1024) which is required for dhcp.
2024-11-25 17:59:25 +01:00 · 2021-06-29 17:07:00 +01:00 · 2021-06-29 17:07:00 +01:00 · ed283d7b14
commit ed283d7b14
parent 584377f8f1
1 changed files with 1 additions and 1 deletions
--- a/src/iwd.service.in
+++ b/src/iwd.service.in
@ -11,7 +11,7 @@ ExecStart=@libexecdir@/iwd
 NotifyAccess=main
 LimitNPROC=1
 Restart=on-failure
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE
 PrivateTmp=true
 NoNewPrivileges=true
 DevicePolicy=closed