service: don't give CAP_DAC_OVERRIDE capability to NetworkManager

https://bugzilla.redhat.com/show_bug.cgi?id=1921826 https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/742
author: Thomas Haller <thaller@redhat.com> 2021-02-03 11:30:18 +0100
committer: Thomas Haller <thaller@redhat.com> 2021-02-12 09:39:01 +0100
commit: 2e334f54b27f91f40c3aa8bdba3254e2284d30bd (patch)
tree: fa6a67f279baec772eea8e0a02c3c2627dc95ed6
parent: e2df6c7503e6d54e9228a21da6205227b1c86b90 (diff)
download: NetworkManager-2e334f54b27f91f40c3aa8bdba3254e2284d30bd.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/data/NetworkManager.service.in b/data/NetworkManager.service.in
index 91ebd9a36e..382cdee821 100644
--- a/data/NetworkManager.service.in
+++ b/data/NetworkManager.service.in
@@ -14,7 +14,7 @@ ExecStart=@sbindir@/NetworkManager --no-daemon
 Restart=on-failure
 # NM doesn't want systemd to kill its children for it
 KillMode=process
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
 
 ProtectSystem=true
 ProtectHome=read-only
author	Thomas Haller <thaller@redhat.com>	2021-02-03 11:30:18 +0100
committer	Thomas Haller <thaller@redhat.com>	2021-02-12 09:39:01 +0100
commit	2e334f54b27f91f40c3aa8bdba3254e2284d30bd (patch)
tree	fa6a67f279baec772eea8e0a02c3c2627dc95ed6
parent	e2df6c7503e6d54e9228a21da6205227b1c86b90 (diff)
download	NetworkManager-2e334f54b27f91f40c3aa8bdba3254e2284d30bd.tar.gz