blob: 779703c9247d3f8ec38d0407d5d69c9beeffa632 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
--- init/linux-systemd/caddy.service 2016-09-28 21:07:57.000000000 +0200
+++ init/linux-systemd/caddy.service.patched 2016-09-29 13:51:35.533691718 +0200
@@ -38,9 +38,9 @@
; The following additional security directives only work with systemd v229 or later.
; They further retrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
-;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-;AmbientCapabilities=CAP_NET_BIND_SERVICE
-;NoNewPrivileges=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
|