systemd: Remove NoNewPrivileges and CAP_BOUNDING_SET

author Aki Tuomi <aki.tuomi@dovecot.fi>

Tue, 24 Apr 2018 08:44:33 +0000 (11:44 +0300)

committer Ville Savolainen <ville.savolainen@dovecot.fi>

Thu, 7 Jun 2018 07:03:49 +0000 (10:03 +0300)
author Aki Tuomi <aki.tuomi@dovecot.fi>
Tue, 24 Apr 2018 08:44:33 +0000 (11:44 +0300)
committer Ville Savolainen <ville.savolainen@dovecot.fi>
Thu, 7 Jun 2018 07:03:49 +0000 (10:03 +0300)
diff --git a/dovecot.service.in b/dovecot.service.in

index 5fe382a12fa1229fa6758db511542eb7e9fe96df..d6c9dae7763a5af162ccbdb88ed1c9df4f966760 100644 (file)
--- a/dovecot.service.in
+++ b/dovecot.service.in
@@ -20,9 +20,6 @@ PrivateTmp=true
  NonBlocking=yes
  ProtectSystem=full
  PrivateDevices=true
-# disable this if you want to use apparmor plugin
-NoNewPrivileges=true
-CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_KILL CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE
  
  # You can add environment variables with e.g.:
  #Environment='CORE_OUTOFMEM=1'
author	Aki Tuomi <aki.tuomi@dovecot.fi>
	Tue, 24 Apr 2018 08:44:33 +0000 (11:44 +0300)
committer	Ville Savolainen <ville.savolainen@dovecot.fi>
	Thu, 7 Jun 2018 07:03:49 +0000 (10:03 +0300)