Remove CAP_MAC_ADMIN, CAP_MAC_OVERRIDE from device-policy-manager

author Sungbae Yoo <sungbae.yoo@samsung.com>

Fri, 1 Jul 2016 10:06:02 +0000 (19:06 +0900)

committer Jaemin Ryu <jm77.ryu@samsung.com>

Tue, 5 Jul 2016 06:40:01 +0000 (23:40 -0700)
author Sungbae Yoo <sungbae.yoo@samsung.com>
Fri, 1 Jul 2016 10:06:02 +0000 (19:06 +0900)
committer Jaemin Ryu <jm77.ryu@samsung.com>
Tue, 5 Jul 2016 06:40:01 +0000 (23:40 -0700)
diff --git a/server/systemd/device-policy-manager.service.in b/server/systemd/device-policy-manager.service.in

index b811f35..843011f 100644 (file)
--- a/server/systemd/device-policy-manager.service.in
+++ b/server/systemd/device-policy-manager.service.in
@@ -6,6 +6,8 @@ Type=simple
  ExecStart=${CMAKE_INSTALL_PREFIX}/bin/device-policy-manager
  Restart=on-failure
  ExecReload=/bin/kill -HUP $MAINPID
+CapabilityBoundingSet=~CAP_MAC_ADMIN
+CapabilityBoundingSet=~CAP_MAC_OVERRIDE
  
  [Install]
  WantedBy=multi-user.target
author	Sungbae Yoo <sungbae.yoo@samsung.com>
	Fri, 1 Jul 2016 10:06:02 +0000 (19:06 +0900)
committer	Jaemin Ryu <jm77.ryu@samsung.com>
	Tue, 5 Jul 2016 06:40:01 +0000 (23:40 -0700)