On 02/28/2017 11:11 PM, Mantas Mikulėnas wrote:
With older kernels you'll have to use the older Capabilities= setting
*and* set file capabilities (setcap) on the executable itself.
(Well, depending on what file caps you set you might not even need any
systemd settings at all... See e.g. "getcap
On Wed, 01.03.17 05:11, Mantas Mikulėnas (graw...@gmail.com) wrote:
> CapabilityBoundingSet is the exact opposite of what you need, then. It's
> the *bounding set*, it limits capabilities.
>
> With recent kernels, you'll probably want AmbientCapabilities= as the
> simplest option. (Can't remember
CapabilityBoundingSet is the exact opposite of what you need, then. It's
the *bounding set*, it limits capabilities.
With recent kernels, you'll probably want AmbientCapabilities= as the
simplest option. (Can't remember when that was introduced though.)
With older kernels you'll have to use the o
