[systemd-devel] AmbientCapabilities working examples?
Kamil Jońca
kjonca at o2.pl
Mon Sep 4 18:35:36 UTC 2017
I try to configure my freeradius service with capabilities
(https://lists.debian.org/debian-devel/2017/09/msg00062.html)
i can do with setting capabilities on freeradius binary.
But I headr about AmbientCapabilities directive and I tried to use
it. Without success - freeradius dhcp server cannot bind to port 68.
below my unit file:
--8<---------------cut here---------------start------------->8---
[Unit]
Description=FreeRADIUS multi-protocol policy server
After=network.target
Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/
[Service]
Type=forking
#Type=simple
PIDFile=/run/freeradius/freeradius.pid
EnvironmentFile=-/etc/default/freeradius
#ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout
User=freerad
AmbientCapabilities=CAP_NET_ADMIN
AmbientCapabilities=CAP_NET_RAW
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS
#ExecStart=/usr/sbin/freeradius -f $FREERADIUS_OPTIONS
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
--8<---------------cut here---------------end--------------->8---
I tried to use one AmbientCapabilities directive with all capabilities
in space separates list but also without success.
What am I missing?
KJ
--
http://wolnelektury.pl/wesprzyj/teraz/
I must Create a System, or be enslav'd by another Man's;
I will not Reason and Compare; my business is to Create.
-- William Blake, "Jerusalem"
More information about the systemd-devel
mailing list