Merge branch 'sandboxing' into 'master'

Fix systemd sandboxing See merge request mer-core/sensorfw!51
sailfishos · Feb 19, 2020 · 301e1ee · 301e1ee
2 parents e4fd05e + 0649684
commit 301e1ee
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/rpm/sensorfwd.service b/rpm/sensorfwd.service
@@ -12,8 +12,7 @@ ExecReload=/bin/kill -HUP $MAINPID
 Restart=always
 RestartSec=1
 # Sandboxing
-CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_FOWNER
-PrivateNetwork=true
+CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_DAC_OVERRIDE CAP_FOWNER
 PrivateTmp=yes
 ProtectHome=yes
 ProtectSystem=full