doc: add comment to systemd's NetworkManager.service about ibft requiring CAP_SYS_ADMIN

We don't want to enable this upstream, but make the requirement more discoverable by documenting it and put a comment to NetworkManager.service. https://bugzilla.redhat.com/show_bug.cgi?id=1371201
author: Thomas Haller <thaller@redhat.com> 2016-09-02 13:35:00 +0200
committer: Thomas Haller <thaller@redhat.com> 2016-09-02 15:39:08 +0200
commit: 9aee7b493e3d6352c4864bf2fb4d7fe62626dc38 (patch)
tree: 3beabf6ddfd9f18d5e4803f4766a883f7ec55e60 /data
parent: a043b0b4c73715f6b645a1e78832f398371d0cf1 (diff)
download: NetworkManager-9aee7b493e3d6352c4864bf2fb4d7fe62626dc38.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/data/NetworkManager.service.in b/data/NetworkManager.service.in
index 95128a68b5..a9e87310cf 100644
--- a/data/NetworkManager.service.in
+++ b/data/NetworkManager.service.in
@@ -15,6 +15,10 @@ Restart=on-failure
 # NM doesn't want systemd to kill its children for it
 KillMode=process
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
+
+# ibft settings plugin calls iscsiadm which needs CAP_SYS_ADMIN
+#CapabilityBoundingSet=CAP_SYS_ADMIN
+
 ProtectSystem=true
 ProtectHome=read-only
author	Thomas Haller <thaller@redhat.com>	2016-09-02 13:35:00 +0200
committer	Thomas Haller <thaller@redhat.com>	2016-09-02 15:39:08 +0200
commit	9aee7b493e3d6352c4864bf2fb4d7fe62626dc38 (patch)
tree	3beabf6ddfd9f18d5e4803f4766a883f7ec55e60 /data
parent	a043b0b4c73715f6b645a1e78832f398371d0cf1 (diff)
download	NetworkManager-9aee7b493e3d6352c4864bf2fb4d7fe62626dc38.tar.gz