use dynamic user and grant capability to bind socket

author: Christian Hesse <mail@eworm.de> 2018-03-13 15:55:36 +0100
committer: Christian Hesse <mail@eworm.de> 2018-03-13 15:55:36 +0100
commit: 2d92b560e4a076f3f34ac4294fc69a7bab22a443 (patch)
tree: f65d15df167aa1c8b67587d2a50dbc816a957c3e
parent: 1165375f7eff38d2ae42193cfcaf10dc1450bcd8 (diff)
download: udp514-journal-2d92b560e4a076f3f34ac4294fc69a7bab22a443.tar.gz
udp514-journal-2d92b560e4a076f3f34ac4294fc69a7bab22a443.tar.zst
1 files changed, 2 insertions, 0 deletions
diff --git a/udp514-journal.service b/udp514-journal.service
index 5ae11f8..0157d16 100644
--- a/udp514-journal.service
+++ b/udp514-journal.service
@@ -6,6 +6,8 @@ After=network.target
 [Service]
 Type=notify
 ExecStart=/usr/bin/udp514-journal
+DynamicUser=on
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 ProtectSystem=full
 ProtectHome=on
 PrivateDevices=on
author	Christian Hesse <mail@eworm.de>	2018-03-13 15:55:36 +0100
committer	Christian Hesse <mail@eworm.de>	2018-03-13 15:55:36 +0100
commit	2d92b560e4a076f3f34ac4294fc69a7bab22a443 (patch)
tree	f65d15df167aa1c8b67587d2a50dbc816a957c3e
parent	1165375f7eff38d2ae42193cfcaf10dc1450bcd8 (diff)
download	udp514-journal-2d92b560e4a076f3f34ac4294fc69a7bab22a443.tar.gz udp514-journal-2d92b560e4a076f3f34ac4294fc69a7bab22a443.tar.zst