Add more capabilities for systemd

kradalby · kradalby · commit 13645cecb97a · 2023-04-20T15:43:02.000+02:00
Signed-off-by: Kristoffer Dalby &lt;kristoffer@tailscale.com&gt;
diff --git a/docs/packaging/headscale.systemd.service b/docs/packaging/headscale.systemd.service
@@ -16,7 +16,7 @@ WorkingDirectory=/var/lib/headscale
 ReadWritePaths=/var/lib/headscale /var/run
 
 AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_CHOWN
-CapabilityBoundingSet=CAP_CHOWN
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN
 LockPersonality=true
 NoNewPrivileges=true
 PrivateDevices=true
