From fe65ca77d728f36e4615074608dde1ee8eb3402f Mon Sep 17 00:00:00 2001
From: Lubomir Rintel
Date: Wed, 5 Jun 2024 16:16:53 +0200
Subject: [PATCH] service: remove a misleading comment

The comment makes it sounds as if we could do without CAP_DAC_OVERRIDE if we don't use OpenVSwitch, which is not true. At the very least it's needed by the VPN plugins we spawn to access cert/key material from users' homes.
---
 data/NetworkManager.service.in | 1 -
 1 file changed, 1 deletion(-)

diff --git a/data/NetworkManager.service.in b/data/NetworkManager.service.in
index f09ae86ce..8cd2ac87a 100644
--- a/data/NetworkManager.service.in
+++ b/data/NetworkManager.service.in
@@ -19,7 +19,6 @@ KillMode=process
 # With a huge number of interfaces, starting can take a long time.
 TimeoutStartSec=600
 
-# CAP_DAC_OVERRIDE: required to open /run/openvswitch/db.sock socket.
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
 
 ProtectSystem=true