system/NetworkManager
system/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager synced 2024-07-21 10:14:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

service: don't give CAP_DAC_OVERRIDE capability to NetworkManager

Browse source 
https://bugzilla.redhat.com/show_bug.cgi?id=1921826

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/742
This commit is contained in:
Thomas Haller 2021-02-03 11:30:18 +01:00
parent e2df6c7503
commit 2e334f54b2
No known key found for this signature in database
GPG key ID: 29C2366E4DFC5728
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
data/NetworkManager.service.in
View file

@ -14,7 +14,7 @@ ExecStart=@sbindir@/NetworkManager --no-daemon
Restart=on-failure
# NM doesn't want systemd to kill its children for it
KillMode=process
CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
ProtectSystem=true
ProtectHome=read-only