From 9e7848f6784c12821f82f19170fe9d72912f1587 Mon Sep 17 00:00:00 2001 From: "Alex Xu (Hello71)" Date: Thu, 6 Sep 2018 10:57:15 -0400 Subject: comment out systemd capability lines --- systemd/random-seed-save.service.in | 18 +++++++++--------- systemd/random-seed.service.in | 18 +++++++++--------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/systemd/random-seed-save.service.in b/systemd/random-seed-save.service.in index 2785b00..594d28f 100644 --- a/systemd/random-seed-save.service.in +++ b/systemd/random-seed-save.service.in @@ -5,12 +5,12 @@ After=systemd-remount-fs.service [Service] ExecStart=@sbindir@/random-seed save -CapabilityBoundingSet= -NoNewPrivileges=yes -PrivateDevices=yes -PrivateNetwork=yes -ProtectKernelTunables=yes -ProtectKernelModules=yes -LockPersonality=yes -TemporaryFileSystem=/:ro -BindPaths=@default_seed_dir@ +#CapabilityBoundingSet= +#NoNewPrivileges=yes +#PrivateDevices=yes +#PrivateNetwork=yes +#ProtectKernelTunables=yes +#ProtectKernelModules=yes +#LockPersonality=yes +#TemporaryFileSystem=/:ro +#BindPaths=@default_seed_dir@ diff --git a/systemd/random-seed.service.in b/systemd/random-seed.service.in index 1d88698..3134d47 100644 --- a/systemd/random-seed.service.in +++ b/systemd/random-seed.service.in @@ -13,15 +13,15 @@ Type=oneshot RemainAfterExit=yes ExecStart=@sbindir@/random-seed load ExecStop=@sbindir@/random-seed save -CapabilityBoundingSet=CAP_SYS_ADMIN -NoNewPrivileges=yes -PrivateDevices=yes -PrivateNetwork=yes -ProtectKernelTunables=yes -ProtectKernelModules=yes -LockPersonality=yes -TemporaryFileSystem=/:ro -BindPaths=@default_seed_dir@ +#CapabilityBoundingSet=CAP_SYS_ADMIN +#NoNewPrivileges=yes +#PrivateDevices=yes +#PrivateNetwork=yes +#ProtectKernelTunables=yes +#ProtectKernelModules=yes +#LockPersonality=yes +#TemporaryFileSystem=/:ro +#BindPaths=@default_seed_dir@ TimeoutSec=30s [Install] -- cgit v1.2.3-70-g09d2