From 306f6d90d39ea81d02c1ca5b01291f9f5718f8ab Mon Sep 17 00:00:00 2001
From: Lucas Werkmeister
Date: Fri, 9 Sep 2016 14:47:57 +0200
Subject: [PATCH] fix: add CAP_SETGID to gigi-standalone bounding set
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

I thought CAP_SETUID included CAP_SETGID, but that’s not the case, and we need both.

Change-Id: I83adef1bec4baea2a4bd28aafe8c1686f2932014
---
 debian/gigi-standalone.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/gigi-standalone.service b/debian/gigi-standalone.service
index e60e2eed..776625f8 100644
--- a/debian/gigi-standalone.service
+++ b/debian/gigi-standalone.service
@@ -6,7 +6,7 @@ Conflicts=gigi-proxy.service
 
 [Service]
 ExecStart=/usr/bin/java -cp /usr/share/java/postgresql-jdbc4.jar:/usr/share/java/gigi.jar org.cacert.gigi.Launcher /etc/cacert/gigi/conf.tar
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID
 WorkingDirectory=/var/lib/cacert-gigi
 PrivateTmp=yes
 PrivateDevices=yes
-- 
2.39.2
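Review bot: The widened bounding set on the `CapabilityBoundingSet=` line stays in force for the whole life of the service, so CAP_SETUID and CAP_SETGID remain obtainable by anything the Java process later executes that carries file capabilities or a setuid bit. The [Service] section continues past the end of the hunk, so this may already be handled, but if it is not, adding `NoNewPrivileges=yes` next to `PrivateTmp=yes` would stop an exec from regaining them once the launcher has switched user and group (assuming that switch is why both are needed). A one-line comment above the directive, such as `# CAP_SETUID and CAP_SETGID are independent; both are needed to change uid and gid`, would keep the reasoning from the commit message in the unit file itself.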