upvote

points

by netheril966 hours ago |
comments
upvoteby est5 hours ago|
[-]
I added these

    AmbientCapabilities=CAP_NET_BIND_SERVICE
    CapabilityBoundingSet=CAP_NET_BIND_SERVICE
    NoNewPrivileges=yes
to my .service. Is it good enough?
reply