From 428541cd643dfc0dcd02eb7890593041852bd4d6 Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Wed, 30 Aug 2023 08:28:14 -0400 Subject: [PATCH] MT#55283 actually grant the capabilities Capabilities listed in the ambient set must also be included in the bounding set. Change-Id: I172bd30c9fbe488574e9cc015ba552e805c95fe6 (cherry picked from commit 7200c7af64f65e3ea032208812e3a81175a7818f) --- debian/ngcp-rtpengine-daemon.service | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/ngcp-rtpengine-daemon.service b/debian/ngcp-rtpengine-daemon.service index 41f205b52..9d29da5c9 100644 --- a/debian/ngcp-rtpengine-daemon.service +++ b/debian/ngcp-rtpengine-daemon.service @@ -66,6 +66,7 @@ CapabilityBoundingSet= # Service process does not receive ambient capabilities # NOTE: we need caps for running as non-root user +CapabilityBoundingSet=CAP_NET_ADMIN CAP_SYS_NICE AmbientCapabilities=CAP_NET_ADMIN CAP_SYS_NICE # Service has no access to other software's temporary files
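Review bot: The added `CapabilityBoundingSet=CAP_NET_ADMIN CAP_SYS_NICE` line sits directly under the comment "Service process does not receive ambient capabilities", which no longer matches the unit, since the next line grants two ambient capabilities. That comment should be reworded or dropped. The hunk header also shows an earlier empty `CapabilityBoundingSet=` in the same file. In systemd an empty assignment resets the list and a later assignment adds to it, so the effective bounding set is exactly these two capabilities. A reader who sees only the empty assignment will still conclude that the set is empty. Consider putting the two capabilities on that earlier line instead of adding a second assignment, or at least add a one-line comment here saying that every capability listed in `AmbientCapabilities=` must also appear in `CapabilityBoundingSet=`, so the two lists are kept in sync when one of them changes.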