From: Ruben Kerkhof <ruben@rubenkerkhof.com>
Date: Wed, 12 Jul 2017 16:54:49 +0000 (+0200)
Subject: collectd.service: remove NoNewPrivileges setting
X-Git-Tag: collectd-5.6.3~17
X-Git-Url: https://git.octo.it/?p=collectd.git;a=commitdiff_plain;h=2e1a81e3a2ab194db4c78a0f54fe4551b9ec34db

collectd.service: remove NoNewPrivileges setting

There are various issues with it in combination with SELinux.
See https://marc.info/?l=selinux&m=149971836431361&w=2 for some
background.
---

diff --git a/contrib/systemd.collectd.service b/contrib/systemd.collectd.service
index 7bc15d7c..a3b689ac 100644
--- a/contrib/systemd.collectd.service
+++ b/contrib/systemd.collectd.service
@@ -29,8 +29,6 @@ ProtectHome=true
 # By default, drop all capabilities:
 CapabilityBoundingSet=
 
-NoNewPrivileges=true
-
 # Tell systemd it will receive a notification from collectd over it's control
 # socket once the daemon is ready. See systemd.service(5) for more details.
 Type=notify