drop NoNewPrivs from irqbalance service

A recent update to libcapng is issuing an error in the system log, caused by the fact that irqbalance attempts to drop capabilities when the systemd service unit has already done so for us. Since irqbalance drops the caps correctly, theres really no need for us to do so via systemd as well. So lets drop NoNewCaps in the service unit. Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
2021-05-12 09:26:10 -04:00 · 2021-05-12 09:26:10 -04:00 · 43751dfc7f
parent 1cac563adc
commit 43751dfc7f
1 changed files with 0 additions and 1 deletions
--- a/misc/irqbalance.service
+++ b/misc/irqbalance.service
@ -9,7 +9,6 @@ EnvironmentFile=-/usr/lib/irqbalance/defaults.env
 EnvironmentFile=-/path/to/irqbalance.env
 ExecStart=/usr/sbin/irqbalance --foreground $IRQBALANCE_ARGS
 CapabilityBoundingSet=
-NoNewPrivileges=yes
 ReadOnlyPaths=/
 ReadWritePaths=/proc/irq
 RestrictAddressFamilies=AF_UNIX