diff options
author | Patrik Flykt <patrik.flykt@linux.intel.com> | 2016-03-08 12:11:54 +0200 |
---|---|---|
committer | Patrik Flykt <patrik.flykt@linux.intel.com> | 2016-03-08 15:59:22 +0200 |
commit | 9e96310aeef8aefc8de1b41ade21ad0cc1e17788 (patch) | |
tree | eb6b6c5700d3cdc4402d3293946ccc75ffc5c69a | |
parent | 6f7ff26e795d66842a63df9ee686ba20fcaebe5f (diff) | |
download | connman-9e96310aeef8aefc8de1b41ade21ad0cc1e17788.tar.gz |
connman.service: Add CAP_SYS_MODULE to enable module loading
If iptables functionality is built as modules and the modules are not
yet loaded, add CAP_SYS_MODULE capability to allow ConnMan to load any
modules necessary when tethering.
Reported by Brian H. Anderson
-rw-r--r-- | src/connman.service.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/connman.service.in b/src/connman.service.in index 09dfec98..57eaaf96 100644 --- a/src/connman.service.in +++ b/src/connman.service.in @@ -13,7 +13,7 @@ BusName=net.connman Restart=on-failure ExecStart=@sbindir@/connmand -n StandardOutput=null -CapabilityBoundingSet=CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SYS_TIME +CapabilityBoundingSet=CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SYS_TIME CAP_SYS_MODULE ProtectHome=true ProtectSystem=full |