setcap.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

--- a/caddy/dist/init/linux-systemd/caddy.service	2016-12-04 13:29:37.126666666 +0000
+++ b/caddy/dist/init/linux-systemd/caddy.service	2016-12-04 13:30:25.119999999 +0000
@@ -38,9 +38,9 @@
 ; The following additional security directives only work with systemd v229 or later.
 ; They further retrict privileges that can be gained by caddy. Uncomment if you like.
 ; Note that you may have to add capabilities required by any plugins in use.
-;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-;AmbientCapabilities=CAP_NET_BIND_SERVICE
-;NoNewPrivileges=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true

 [Install]
 WantedBy=multi-user.target