seatd: remove no-longer-necessary ambient caps

2024-09-07 17:01:05 +00:00
parent 7ce098f2bb
commit 7ce82ca735


@@ -60,13 +60,12 @@ lib.mkMerge [
serviceConfig.Type = "simple"; serviceConfig.Type = "simple";
serviceConfig.ExecStart = "${cfg.package}/bin/seatd -g seat"; serviceConfig.ExecStart = "${cfg.package}/bin/seatd -g seat";
serviceConfig.Group = "seat"; serviceConfig.Group = "seat";
serviceConfig.AmbientCapabilities = [ # serviceConfig.AmbientCapabilities = [
# XXX(2024-09-07): bwrap doesn't need ambients, but bunpen does since bunpen doesn't know to raise the caps it needs # # "CAP_DAC_OVERRIDE"
# "CAP_DAC_OVERRIDE" # "CAP_NET_ADMIN"
"CAP_NET_ADMIN" # "CAP_SYS_ADMIN"
"CAP_SYS_ADMIN" # # "CAP_SYS_TTY_CONFIG"
# "CAP_SYS_TTY_CONFIG" # ];
];
serviceConfig.CapabilityBoundingSet = [ serviceConfig.CapabilityBoundingSet = [
# "CAP_CHOWN" # "CAP_CHOWN"
"CAP_DAC_OVERRIDE" #< needed, to access /dev/tty "CAP_DAC_OVERRIDE" #< needed, to access /dev/tty
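Review bot: The new side keeps the whole `serviceConfig.AmbientCapabilities` list as commented-out code and drops the dated XXX note that explained why the ambient set existed, so a later reader cannot tell why it is disabled or whether it is safe to re-enable. Either delete the block outright or replace it with a single line such as `# 2024-09-07: ambient caps removed; the sandbox wrapper raises the caps it needs itself` (the reason is inferred from the removed note and should be confirmed by the author). With the ambient set gone, `serviceConfig.CapabilityBoundingSet` is the remaining ceiling on what seatd can hold. That list continues past the end of this hunk, so it is worth checking there that CAP_NET_ADMIN and CAP_SYS_ADMIN are not still granted if nothing needs them any more.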