From ed283d7b14d7b610fc7508b9572d8113a04476d8 Mon Sep 17 00:00:00 2001 From: Michael Johnson Date: Tue, 29 Jun 2021 17:07:00 +0100 Subject: [PATCH] iwd.service: Add CAP_NET_BIND_SERVICE This fixes an issue where the udp port was not being opened due to a permission denied error. The result of this was the dhcp client would fail to send the renewal request and so the dhcp lease would expire. The addition of the CAP_NET_BIND_SERVICE capability allows the service to open sockets in the restricted port range (<1024) which is required for dhcp. --- src/iwd.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/iwd.service.in b/src/iwd.service.in index 96e4abac..ab0a5da7 100644 --- a/src/iwd.service.in +++ b/src/iwd.service.in @@ -11,7 +11,7 @@ ExecStart=@libexecdir@/iwd NotifyAccess=main LimitNPROC=1 Restart=on-failure -CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE PrivateTmp=true NoNewPrivileges=true DevicePolicy=closed
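Review bot: On the changed CapabilityBoundingSet= line, CAP_NET_BIND_SERVICE permits binding any port below 1024, while the commit message says it is only needed for the DHCP client's UDP socket, and nothing in the unit file records that reason. Suggest adding a comment line above CapabilityBoundingSet= saying the capability is there for the DHCP client socket, and naming the port in the commit message, so a later hardening pass does not drop it and bring back the lease expiry. Because the rest of the unit is locked down (NoNewPrivileges=true, DevicePolicy=closed, PrivateTmp=true), also consider whether the bind can be narrowed to that one port, for example with systemd's SocketBindAllow= and SocketBindDeny= where the supported systemd versions provide them.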