summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--contrib/Fedora/haveged.service5
1 files changed, 3 insertions, 2 deletions
diff --git a/contrib/Fedora/haveged.service b/contrib/Fedora/haveged.service
index 6217765..abb9cfc 100644
--- a/contrib/Fedora/haveged.service
+++ b/contrib/Fedora/haveged.service
@@ -11,11 +11,12 @@ Restart=always
SuccessExitStatus=137 143
SecureBits=noroot-locked
-CapabilityBoundingSet=CAP_SYS_ADMIN
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
# We can *not* set PrivateTmp=true as it can cause an ordering cycle.
PrivateTmp=false
PrivateDevices=true
-PrivateNetwork=true
+# We can *not* set PrivateNetwork=true to allow command mode (chroot when included in initramfs)
+#PrivateNetwork=true
ProtectSystem=full
ProtectHome=true
ProtectHostname=true
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 11:02:49 +0100