From f6cb6829215f4042347de00af76a9cd7c68bd5d1 Mon Sep 17 00:00:00 2001
From: Thomas Haller
Date: Wed, 3 Feb 2021 11:30:18 +0100
Subject: service: don't give CAP_DAC_OVERRIDE capability to NetworkManager

https://bugzilla.redhat.com/show_bug.cgi?id=1921826
---
 data/NetworkManager.service.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/NetworkManager.service.in b/data/NetworkManager.service.in
index 91ebd9a36e..382cdee821 100644
--- a/data/NetworkManager.service.in
+++ b/data/NetworkManager.service.in
@@ -14,7 +14,7 @@ ExecStart=@sbindir@/NetworkManager --no-daemon
 Restart=on-failure
 # NM doesn't want systemd to kill its children for it
 KillMode=process
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
 ProtectSystem=true
 ProtectHome=read-only
-- 
cgit v1.2.1
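Review bot: The new CapabilityBoundingSet line carries no comment saying why CAP_DAC_OVERRIDE is now absent, even though the unit already documents KillMode in exactly that style two lines above; a future maintainer chasing a permission-denied report could simply add it back. Put the rationale next to the setting, e.g. `# CAP_DAC_OVERRIDE deliberately omitted: NM must not bypass file permission checks, see https://bugzilla.redhat.com/show_bug.cgi?id=1921826`. The hunk header announces seven lines per side but only six are visible after `ProtectHome=read-only`, so the trailing context line was presumably lost when the patch was pasted. It is also worth stating in that same comment that CAP_SYS_MODULE, CAP_SETUID and CAP_SETGID remain in the set, so readers do not over-read this one-capability removal as meaningful sandboxing of the daemon.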