units: remove CAP_SYS_PTRACE capability from hostnamed/networkd

The ptrace capability was only necessary to detect virtualizations environments. Since we changed the logic to determine this to not require priviliges, there's no need to carry the CAP_SYS_PTRACE capability anymore.
2014-06-01 08:54:09 +02:00 · 2014-06-01 08:54:09 +02:00 · 40393d5247
parent 966bff2660
commit 40393d5247
2 changed files with 2 additions and 2 deletions
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@ -13,7 +13,7 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/hostnamed
 [Service]
 ExecStart=@rootlibexecdir@/systemd-hostnamed
 BusName=org.freedesktop.hostname1
-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE
+CapabilityBoundingSet=CAP_SYS_ADMIN
 WatchdogSec=1min
 PrivateTmp=yes
 PrivateDevices=yes
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@ -19,7 +19,7 @@ Type=notify
 Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-networkd
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_PTRACE CAP_SYS_MODULE
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_MODULE
 WatchdogSec=1min

 [Install]