colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

service: remove a misleading comment

Browse Source 
The comment makes it sounds as if we could do without CAP_DAC_OVERRIDE
if we don't use OpenVSwitch, which is not true. At the very least it's
needed by the VPN plugins we spawn to access cert/key material from
users' homes.
This commit is contained in:
Lubomir Rintel
2024-06-05 16:16:53 +02:00
committed by Íñigo Huguet
parent 3ade788716
commit fe65ca77d7
1 changed files with 0 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
data/NetworkManager.service.in
View File

@@ -19,7 +19,6 @@ KillMode=process
# With a huge number of interfaces, starting can take a long time. # With a huge number of interfaces, starting can take a long time.
TimeoutStartSec=600 TimeoutStartSec=600
# CAP_DAC_OVERRIDE: required to open /run/openvswitch/db.sock socket.
CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
ProtectSystem=true ProtectSystem=true