From: Lucas Werkmeister <mail@lucaswerkmeister.de>
Date: Fri, 9 Sep 2016 12:47:57 +0000 (+0200)
Subject: fix: add CAP_SETGID to gigi-standalone bounding set
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=306f6d90d39ea81d02c1ca5b01291f9f5718f8ab

fix: add CAP_SETGID to gigi-standalone bounding set

I thought CAP_SETUID included CAP_SETGID, but that’s not the case, and
we need both.

Change-Id: I83adef1bec4baea2a4bd28aafe8c1686f2932014
---

diff --git a/debian/gigi-standalone.service b/debian/gigi-standalone.service
index e60e2eed..776625f8 100644
--- a/debian/gigi-standalone.service
+++ b/debian/gigi-standalone.service
@@ -6,7 +6,7 @@ Conflicts=gigi-proxy.service
 
 [Service]
 ExecStart=/usr/bin/java -cp /usr/share/java/postgresql-jdbc4.jar:/usr/share/java/gigi.jar org.cacert.gigi.Launcher /etc/cacert/gigi/conf.tar
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID
 WorkingDirectory=/var/lib/cacert-gigi
 PrivateTmp=yes
 PrivateDevices=yes