]> WPIA git - gigi.git/blobdiff - debian/gigi-standalone.service
projects / gigi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fix: add CAP_SETGID to gigi-standalone bounding set
[gigi.git] / debian / gigi-standalone.service
diff --git a/debian/gigi-standalone.service b/debian/gigi-standalone.service
index e60e2eedf7620604f96797e51372d8c3f2f5ab33..776625f823b15cc026dafbec93dbb5c028adcad3 100644 (file)
--- a/debian/gigi-standalone.service
+++ b/debian/gigi-standalone.service
@@ -6,7 +6,7 @@ Conflicts=gigi-proxy.service
 
 [Service]
 ExecStart=/usr/bin/java -cp /usr/share/java/postgresql-jdbc4.jar:/usr/share/java/gigi.jar org.cacert.gigi.Launcher /etc/cacert/gigi/conf.tar
 
 [Service]
 ExecStart=/usr/bin/java -cp /usr/share/java/postgresql-jdbc4.jar:/usr/share/java/gigi.jar org.cacert.gigi.Launcher /etc/cacert/gigi/conf.tar
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID
 WorkingDirectory=/var/lib/cacert-gigi
 PrivateTmp=yes
 PrivateDevices=yes
 WorkingDirectory=/var/lib/cacert-gigi
 PrivateTmp=yes
 PrivateDevices=yes
WPIA Certificate Web Issuance Platform