Skip to content
Snippets Groups Projects
Commit b452cc8e authored by Peter Palfrader's avatar Peter Palfrader
Browse files

Remove CAP_DAC_OVERRIDE, CAP_CHOWN, CAP_FOWNER from systemd unit files 

Remove CAP_DAC_OVERRIDE, CAP_CHOWN, CAP_FOWNER from the systemd service files'
CapabilityBoundingSet.  We may no longer need them.  The upstream changelog
says that Tor changed some logic with 0.2.8.1-alpha that made CAP_CHOWN
CAP_FOWNER no longer needed.
parent fa7c8190
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
debian/changelog
+ 9
0
View file @ b452cc8e
tor (0.2.8.10-2) UNRELEASED; urgency=medium
* Remove CAP_DAC_OVERRIDE, CAP_CHOWN, CAP_FOWNER from the systemd service
files' CapabilityBoundingSet. We may no longer need them. The upstream
changelog says that Tor changed some logic with 0.2.8.1-alpha that made
CAP_CHOWN CAP_FOWNER no longer needed.
-- Peter Palfrader <weasel@debian.org> Thu, 08 Dec 2016 16:32:55 +0100
tor (0.2.8.10-1) unstable; urgency=medium
* New upstream version.
......
debian/systemd/tor@.service
+ 1
1
View file @ b452cc8e
......@@ -29,7 +29,7 @@ ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/tor-instances
ReadWriteDirectories=-/var/run
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
debian/systemd/tor@default.service
+ 1
1
View file @ b452cc8e
......@@ -31,4 +31,4 @@ ReadWriteDirectories=-/proc
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
ReadWriteDirectories=-/var/run
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment