Add more capabilities for systemd
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
parent
a71cc81fe7
commit
a5afe4bd06
2 changed files with 7 additions and 1 deletions
|
@ -4,6 +4,12 @@
|
||||||
|
|
||||||
### Changes
|
### Changes
|
||||||
|
|
||||||
|
## 0.22.1 (2023-04-20)
|
||||||
|
|
||||||
|
### Changes
|
||||||
|
|
||||||
|
- Fix issue where SystemD could not bind to port 80 [#1365](https://github.com/juanfont/headscale/pull/1365)
|
||||||
|
|
||||||
## 0.22.0 (2023-04-20)
|
## 0.22.0 (2023-04-20)
|
||||||
|
|
||||||
### Changes
|
### Changes
|
||||||
|
|
|
@ -16,7 +16,7 @@ WorkingDirectory=/var/lib/headscale
|
||||||
ReadWritePaths=/var/lib/headscale /var/run
|
ReadWritePaths=/var/lib/headscale /var/run
|
||||||
|
|
||||||
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_CHOWN
|
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_CHOWN
|
||||||
CapabilityBoundingSet=CAP_CHOWN
|
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN
|
||||||
LockPersonality=true
|
LockPersonality=true
|
||||||
NoNewPrivileges=true
|
NoNewPrivileges=true
|
||||||
PrivateDevices=true
|
PrivateDevices=true
|
||||||
|
|
Loading…
Reference in a new issue