Patch caddy's systemd service file to reenable capabilities

This commit https://github.com/mholt/caddy/commit/3f83eccfbd7f553c593d8e89d173699fb4cd2b61 removed the capabilities which are required for caddy in Arch linux.
author: Andreas Linz 2016-09-29 13:55:01 +0200
committer: Andreas Linz 2016-09-29 14:13:58 +0200
commit: 7a904d778081c67571942f4a131a5a74dd473a32 (patch)
tree: 46ecc46ae0359fef6bc5279b02d4f2fbad1a530c /caddy-systemd-service.patch
parent: 3d6ad85b357e56549ba3d73cb75c1f25c2cfddf1 (diff)
download: aur-7a904d778081c67571942f4a131a5a74dd473a32.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/caddy-systemd-service.patch b/caddy-systemd-service.patch
new file mode 100644
index 000000000000..779703c9247d
--- /dev/null
+++ b/caddy-systemd-service.patch
@@ -0,0 +1,15 @@
+--- init/linux-systemd/caddy.service	2016-09-28 21:07:57.000000000 +0200
++++ init/linux-systemd/caddy.service.patched	2016-09-29 13:51:35.533691718 +0200
+@@ -38,9 +38,9 @@
+ ; The following additional security directives only work with systemd v229 or later.
+ ; They further retrict privileges that can be gained by caddy. Uncomment if you like.
+ ; Note that you may have to add capabilities required by any plugins in use.
+-;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+-;AmbientCapabilities=CAP_NET_BIND_SERVICE
+-;NoNewPrivileges=true
++CapabilityBoundingSet=CAP_NET_BIND_SERVICE
++AmbientCapabilities=CAP_NET_BIND_SERVICE
++NoNewPrivileges=true
+ 
+ [Install]
+ WantedBy=multi-user.target
author	Andreas Linz	2016-09-29 13:55:01 +0200
committer	Andreas Linz	2016-09-29 14:13:58 +0200
commit	7a904d778081c67571942f4a131a5a74dd473a32 (patch)
tree	46ecc46ae0359fef6bc5279b02d4f2fbad1a530c /caddy-systemd-service.patch
parent	3d6ad85b357e56549ba3d73cb75c1f25c2cfddf1 (diff)
download	aur-7a904d778081c67571942f4a131a5a74dd473a32.tar.gz