systemd: require CAP_AUDIT_WRITE for NetworkManager service

We need it to write messages to kernel auditing log.
2015-07-24 17:08:30 +02:00
parent 532ed38a3c
commit 28c231d686
1 changed files with 1 additions and 1 deletions
--- a/data/NetworkManager.service.in
+++ b/data/NetworkManager.service.in
@@ -11,7 +11,7 @@ ExecStart=@sbindir@/NetworkManager --no-daemon
 Restart=on-failure
 # NM doesn't want systemd to kill its children for it
 KillMode=process
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE
 ProtectSystem=true
 ProtectHome=read-only