From 968efe719a3e94f74b783190b36189f8e0a64676 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 31 Jan 2020 09:34:13 -0500 Subject: [PATCH] Add CAP_NET_BIND_SERVICE to unit file This is preparing for running as non-root. We need this capability to snoop SLP and PXE --- confluent_server/systemd/confluent.service | 1 + 1 file changed, 1 insertion(+) diff --git a/confluent_server/systemd/confluent.service b/confluent_server/systemd/confluent.service index 7a6f8fea..57476a17 100644 --- a/confluent_server/systemd/confluent.service +++ b/confluent_server/systemd/confluent.service @@ -8,6 +8,7 @@ Type=forking ExecStart=/opt/confluent/bin/confluent ExecStop=/opt/confluent/bin/confetty shutdown / Restart=on-failure +AmbientCapabilities=CAP_NET_BIND_SERVICE [Install] WantedBy=multi-user.target