sipwise
/
rtpengine
mirror of https://github.com/sipwise/rtpengine.git
1
0
Fork 0
Code Issues Releases Wiki Activity

MT#55283 actually grant the capabilities

Browse Source 
Capabilities listed in the ambient set must also be included in the
bounding set.

Change-Id: I172bd30c9fbe488574e9cc015ba552e805c95fe6
(cherry picked from commit 7200c7af64)
pull/1736/head
Richard Fuchs 2 years ago
parent 8917bb4650
commit 428541cd64
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
debian/ngcp-rtpengine-daemon.service vendored
Unescape View File

@ -66,6 +66,7 @@ CapabilityBoundingSet=
# Service process does not receive ambient capabilities
# NOTE: we need caps for running as non-root user
CapabilityBoundingSet=CAP_NET_ADMIN CAP_SYS_NICE
AmbientCapabilities=CAP_NET_ADMIN CAP_SYS_NICE
# Service has no access to other software's temporary files

Write Preview
Loading…
Cancel
Save