32 lines
1.1 KiB
Diff
32 lines
1.1 KiB
Diff
|
From 43751dfc7f29fbf2c46ffcd4fdb6d3f6db291927 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Neil Horman <nhorman@gmail.com>
|
||
|
|
Date: Wed, 12 May 2021 09:26:10 -0400
|
||
|
|
Subject: [PATCH] drop NoNewPrivs from irqbalance service
|
||
|
|
|
||
|
|
A recent update to libcapng is issuing an error in the system log,
|
||
|
|
caused by the fact that irqbalance attempts to drop capabilities when
|
||
|
|
the systemd service unit has already done so for us. Since irqbalance
|
||
|
|
drops the caps correctly, theres really no need for us to do so via
|
||
|
|
systemd as well. So lets drop NoNewCaps in the service unit.
|
||
|
|
|
||
|
|
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
|
||
|
|
---
|
||
|
|
misc/irqbalance.service | 1 -
|
||
|
|
1 file changed, 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/misc/irqbalance.service b/misc/irqbalance.service
|
||
|
|
index e7a3336..014798c 100644
|
||
|
|
--- a/misc/irqbalance.service
|
||
|
|
+++ b/misc/irqbalance.service
|
||
|
|
@@ -9,7 +9,6 @@ EnvironmentFile=-/usr/lib/irqbalance/defaults.env
|
||
|
|
EnvironmentFile=-/path/to/irqbalance.env
|
||
|
|
ExecStart=/usr/sbin/irqbalance --foreground $IRQBALANCE_ARGS
|
||
|
|
CapabilityBoundingSet=
|
||
|
|
-NoNewPrivileges=yes
|
||
|
|
ReadOnlyPaths=/
|
||
|
|
ReadWritePaths=/proc/irq
|
||
|
|
RestrictAddressFamilies=AF_UNIX
|
||
|
|
--
|
||
|
|
2.31.1
|
||
|
|
|