From 80a05318e6cdfaf432c6c10898b0d276aaf91dfb Mon Sep 17 00:00:00 2001
From: Revertron
Date: Sat, 3 Apr 2021 21:34:07 +0200
Subject: [PATCH] Fixed systemd capabilities for alfis user.

---
 contrib/systemd/alfis.service | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/contrib/systemd/alfis.service b/contrib/systemd/alfis.service
index a5851ee..1d629fa 100644
--- a/contrib/systemd/alfis.service
+++ b/contrib/systemd/alfis.service
@@ -8,10 +8,15 @@ After=alfis-default-config.service
 [Service]
 User=alfis
 Group=alfis
+
 ProtectHome=true
 ProtectSystem=true
+
+SecureBits=keep-caps
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
 SyslogIdentifier=alfis
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 WorkingDirectory=/var/lib/alfis
 ExecStart=/usr/bin/alfis -n -c /etc/alfis.conf
 ExecReload=/bin/kill -HUP $MAINPID
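Review bot: The new capability block hands CAP_NET_BIND_SERVICE to the unprivileged `alfis` user as an ambient capability but does not set `NoNewPrivileges=true`, so a setuid binary executed by the service could still switch to UID 0, with its capabilities limited only by the bounding set. Adding `NoNewPrivileges=true` directly after `AmbientCapabilities=CAP_NET_BIND_SERVICE` closes that path and does not interfere with the ambient grant. `SecureBits=keep-caps` also looks redundant, since systemd documents that keep-caps is added automatically when `AmbientCapabilities=` is combined with a `User=` change; either drop it or add a comment such as `# explicit keep-caps retained for older systemd` if that is the intent. The [Service] section may continue past the end of the hunk, so confirm the directive is not already set further down.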