iwd.service: Add CAP_NET_BIND_SERVICE
This fixes an issue where the udp port was not being opened due to a permission denied error. The result of this was the dhcp client would fail to send the renewal request and so the dhcp lease would expire. The addition of the CAP_NET_BIND_SERVICE capability allows the service to open sockets in the restricted port range (<1024) which is required for dhcp.
This commit is contained in:
parent
584377f8f1
commit
ed283d7b14
|
@ -11,7 +11,7 @@ ExecStart=@libexecdir@/iwd
|
||||||
NotifyAccess=main
|
NotifyAccess=main
|
||||||
LimitNPROC=1
|
LimitNPROC=1
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
|
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE
|
||||||
PrivateTmp=true
|
PrivateTmp=true
|
||||||
NoNewPrivileges=true
|
NoNewPrivileges=true
|
||||||
DevicePolicy=closed
|
DevicePolicy=closed
|
||||||
|
|
Loading…
Reference in New Issue