add cap_net_bind_service to systemd unit

this allows running on port 80 as non privileged user.
2021-05-08 15:50:22 -04:00 · 2021-05-08 15:50:22 -04:00 · 4450ce7f8a
parent f6867e7666
commit 4450ce7f8a
1 changed files with 2 additions and 0 deletions
--- a/debian/session-open-group-server.service
+++ b/debian/session-open-group-server.service
@ -7,6 +7,8 @@ StartLimitInterval=0
 [Service]
 User=_loki
 Type=simple
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 ExecStart=/usr/bin/session-open-group-server
 WorkingDirectory=/var/lib/session-open-group-server
 Restart=on-failure