Don't set "NoNewPrivileges" in systemd unit

author Holger Weiss <holger@zedat.fu-berlin.de>

Wed, 19 Oct 2016 21:29:46 +0000 (23:29 +0200)

committer Holger Weiss <holger@zedat.fu-berlin.de>

Wed, 19 Oct 2016 21:29:46 +0000 (23:29 +0200)
author Holger Weiss <holger@zedat.fu-berlin.de>
Wed, 19 Oct 2016 21:29:46 +0000 (23:29 +0200)
committer Holger Weiss <holger@zedat.fu-berlin.de>
Wed, 19 Oct 2016 21:29:46 +0000 (23:29 +0200)
diff --git a/ejabberd.service.template b/ejabberd.service.template

index fdb8fd0b717b001a62bb4c99e1bdd0d550a2d0ad..4a2635776a6b820c809e73928b854363ab6928da 100644 (file)
--- a/ejabberd.service.template
+++ b/ejabberd.service.template
@@ -12,11 +12,8 @@ ExecStop=@ctlscriptpath@/ejabberdctl stop
  ExecReload=@ctlscriptpath@/ejabberdctl reload_config
  Type=oneshot
  RemainAfterExit=yes
-# The CAP_DAC_OVERRIDE capability is required for pam authentication to work
-CapabilityBoundingSet=CAP_DAC_OVERRIDE
  PrivateDevices=true
  ProtectSystem=full
-NoNewPrivileges=true
  
  [Install]
  WantedBy=multi-user.target
author	Holger Weiss <holger@zedat.fu-berlin.de>
	Wed, 19 Oct 2016 21:29:46 +0000 (23:29 +0200)
committer	Holger Weiss <holger@zedat.fu-berlin.de>
	Wed, 19 Oct 2016 21:29:46 +0000 (23:29 +0200)