units: remove CAP_SYS_PTRACE capability from hostnamed/networkd

The ptrace capability was only necessary to detect virtualizations
environments. Since we changed the logic to determine this to not
require priviliges, there's no need to carry the CAP_SYS_PTRACE
capability anymore.

diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
index 44812592e22c036fabfd0f5c9dfa87a724bdc36a..79e22c1d4fd832b2d875ee68e5723928fc1348fd 100644 (file)
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -13,7 +13,7 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/hostnamed
 [Service]
 ExecStart=@rootlibexecdir@/systemd-hostnamed
 BusName=org.freedesktop.hostname1
-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE
+CapabilityBoundingSet=CAP_SYS_ADMIN
 WatchdogSec=1min
 PrivateTmp=yes
 PrivateDevices=yes

diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
index fc3b14a6be7dd3149723a32084c8d65983e56d5e..40ec90ef858da765d364570fde5ea2b8b48bed03 100644 (file)
--- a/units/systemd-networkd.service.in
+++ b/units/systemd-networkd.service.in
@@ -19,7 +19,7 @@ Type=notify
 Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-networkd
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_PTRACE CAP_SYS_MODULE
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_MODULE
 WatchdogSec=1min
 
 [Install]