CAP_MKNOD is no longer used
Since commit 144b701453
cool#8703 - Drop random node creation and rely on inherited fd.
Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: Iea3610989fa9eb46c41a9d3d2d6627ffa479cbd1
This commit is contained in:
Andras Timar
Michael Meeks
parent
f05cea2b13
commit
71b29f2717
3 changed files with 2 additions and 3 deletions
|
|
@ -18,7 +18,7 @@ ReadWritePaths=/opt/cool /var/log
|
||||||
ProtectHome=yes
|
ProtectHome=yes
|
||||||
PrivateTmp=yes
|
PrivateTmp=yes
|
||||||
ProtectControlGroups=yes
|
ProtectControlGroups=yes
|
||||||
CapabilityBoundingSet=CAP_FOWNER CAP_CHOWN CAP_MKNOD CAP_SYS_CHROOT CAP_SYS_ADMIN
|
CapabilityBoundingSet=CAP_FOWNER CAP_CHOWN CAP_SYS_CHROOT CAP_SYS_ADMIN
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
||||||
2
debian/coolwsd.service
vendored
2
debian/coolwsd.service
vendored
|
|
@ -18,7 +18,7 @@ ReadWritePaths=/opt/cool /var/log
|
||||||
ProtectHome=yes
|
ProtectHome=yes
|
||||||
PrivateTmp=yes
|
PrivateTmp=yes
|
||||||
ProtectControlGroups=yes
|
ProtectControlGroups=yes
|
||||||
CapabilityBoundingSet=CAP_FOWNER CAP_CHOWN CAP_MKNOD CAP_SYS_CHROOT CAP_SYS_ADMIN
|
CapabilityBoundingSet=CAP_FOWNER CAP_CHOWN CAP_SYS_CHROOT CAP_SYS_ADMIN
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
||||||
|
|
@ -3178,7 +3178,6 @@ void lokit_main(
|
||||||
|
|
||||||
#ifndef __FreeBSD__
|
#ifndef __FreeBSD__
|
||||||
dropCapability(CAP_SYS_CHROOT);
|
dropCapability(CAP_SYS_CHROOT);
|
||||||
dropCapability(CAP_MKNOD);
|
|
||||||
dropCapability(CAP_FOWNER);
|
dropCapability(CAP_FOWNER);
|
||||||
dropCapability(CAP_CHOWN);
|
dropCapability(CAP_CHOWN);
|
||||||
#endif
|
#endif
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue