From: Holger Weiss <holger@zedat.fu-berlin.de>
Date: Wed, 19 Oct 2016 21:29:46 +0000 (+0200)
Subject: Don't set "NoNewPrivileges" in systemd unit
X-Git-Tag: 16.12-beta1~15^2^2~5
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c3b62d2f75d70a6a6069f4e6a49c374e2fd52809;p=ejabberd

Don't set "NoNewPrivileges" in systemd unit

The "NoNewPrivileges" setting breaks some PAM and extauth setups.

Fixes #1281.
---

diff --git a/ejabberd.service.template b/ejabberd.service.template
index fdb8fd0b7..4a2635776 100644
--- a/ejabberd.service.template
+++ b/ejabberd.service.template
@@ -12,11 +12,8 @@ ExecStop=@ctlscriptpath@/ejabberdctl stop
 ExecReload=@ctlscriptpath@/ejabberdctl reload_config
 Type=oneshot
 RemainAfterExit=yes
-# The CAP_DAC_OVERRIDE capability is required for pam authentication to work
-CapabilityBoundingSet=CAP_DAC_OVERRIDE
 PrivateDevices=true
 ProtectSystem=full
-NoNewPrivileges=true
 
 [Install]
 WantedBy=multi-user.target