Due to CVE-2011-2494 which prohibits non-privileged users from getting
process information via netlink, pass daemon should be executed by
root or get capability on NET_ADMIN. To do this, it adds capability
into systemd service attribute with cap_net_admin.
Change-Id: Iefd4ca98e963b38a038a8c326f3abad996bb81ee
Signed-off-by: Dongwoo Lee <dwoo08.lee@samsung.com>
KillSignal=SIGUSR1
User=system_fw
Group=system_fw
+Capabilities=cap_net_admin=i
+SecureBits=keep-caps
[Install]
WantedBy=delayed.target