Russ Allbery <r...@debian.org> writes: > kjo...@poczta.onet.pl (Kamil Jońca) writes: > >> Hm. I tried to add > >> AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE > >> and takes off capabilities from file but without success (ie. service >> does not starts) >> Shoudl I do something else? > > Does it produce any useful error messages? Maybe this doesn't work the
The only one is from radius - cannot bind to port 68 > way that I thought it did. The active capabilities are the effective > ones, but ambient becomes effective after execve, so I would have expected > them to be in place for the process once systemd execs it. I expected also :( KJ -- http://wolnelektury.pl/wesprzyj/teraz/ There are a lot of lies going around.... and half of them are true. -- Winston Churchill
