mirror of
https://github.com/nadoo/glider.git
synced 2025-02-23 17:35:40 +08:00
systemd: add CAP_NET_ADMIN capability for ipset
parent
4729fc57f3
commit
9d9fe7bfd8
@ -11,8 +11,10 @@ Restart=always
|
|||||||
ExecStart=/usr/bin/glider -config /etc/glider/%i.conf
|
ExecStart=/usr/bin/glider -config /etc/glider/%i.conf
|
||||||
|
|
||||||
# work with systemd v229 or later, so glider can listen on port below 1024 with none-root user
|
# work with systemd v229 or later, so glider can listen on port below 1024 with none-root user
|
||||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
# CAP_NET_ADMIN: ipset
|
||||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
# CAP_NET_BIND_SERVICE: bind ports under 1024
|
||||||
|
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
||||||
|
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
||||||
NoNewPrivileges=true
|
NoNewPrivileges=true
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
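Review bot: CAP_NET_ADMIN is added to both `CapabilityBoundingSet=` and `AmbientCapabilities=` for every instance of this template unit (`%i.conf`), including instances whose configuration never uses ipset. That capability covers much more than ipset, including interface, routing and firewall configuration, so a compromised proxy process would hold far broader control over the host's network stack than with CAP_NET_BIND_SERVICE alone. Consider keeping CAP_NET_BIND_SERVICE as the shipped default and documenting an opt-in drop-in for ipset users. At minimum, make the comment actionable: `# CAP_NET_ADMIN: only required for ipset; remove it from both lines below if ipset is not configured`. The `[Service]` section starts outside the hunk, so whether `User=` is set to an unprivileged account cannot be confirmed from here.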