caddy-systemd-service.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

--- init/linux-systemd/caddy.service	2016-09-28 21:07:57.000000000 +0200
+++ init/linux-systemd/caddy.service.patched	2016-09-29 13:51:35.533691718 +0200
@@ -38,9 +38,9 @@
 ; The following additional security directives only work with systemd v229 or later.
 ; They further retrict privileges that can be gained by caddy. Uncomment if you like.
 ; Note that you may have to add capabilities required by any plugins in use.
-;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-;AmbientCapabilities=CAP_NET_BIND_SERVICE
-;NoNewPrivileges=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
 
 [Install]
 WantedBy=multi-user.target