seatd: remove no-longer-necessary ambient caps
This commit is contained in:
@@ -60,13 +60,12 @@ lib.mkMerge [
|
|||||||
serviceConfig.Type = "simple";
|
serviceConfig.Type = "simple";
|
||||||
serviceConfig.ExecStart = "${cfg.package}/bin/seatd -g seat";
|
serviceConfig.ExecStart = "${cfg.package}/bin/seatd -g seat";
|
||||||
serviceConfig.Group = "seat";
|
serviceConfig.Group = "seat";
|
||||||
serviceConfig.AmbientCapabilities = [
|
# serviceConfig.AmbientCapabilities = [
|
||||||
# XXX(2024-09-07): bwrap doesn't need ambients, but bunpen does since bunpen doesn't know to raise the caps it needs
|
# # "CAP_DAC_OVERRIDE"
|
||||||
# "CAP_DAC_OVERRIDE"
|
# "CAP_NET_ADMIN"
|
||||||
"CAP_NET_ADMIN"
|
# "CAP_SYS_ADMIN"
|
||||||
"CAP_SYS_ADMIN"
|
# # "CAP_SYS_TTY_CONFIG"
|
||||||
# "CAP_SYS_TTY_CONFIG"
|
# ];
|
||||||
];
|
|
||||||
serviceConfig.CapabilityBoundingSet = [
|
serviceConfig.CapabilityBoundingSet = [
|
||||||
# "CAP_CHOWN"
|
# "CAP_CHOWN"
|
||||||
"CAP_DAC_OVERRIDE" #< needed, to access /dev/tty
|
"CAP_DAC_OVERRIDE" #< needed, to access /dev/tty
|
||||||
|
Reference in New Issue
Block a user