systemd: allow nfd-status-http-server to bind to any port Change-Id: Ie6e2af3b2e194fbe0c4952b90fc39844b20722f0 Refs: #4533

commit: 48b4587eeec1387af55cb820c6a614fdd41ccf23 [log] [tgz]
author: Davide Pesavento <davidepesa@gmail.com> Mon Jan 28 22:22:18 2019 -0500
committer: Davide Pesavento <davidepesa@gmail.com> Mon Jan 28 22:22:18 2019 -0500
tree: c772f7df7a87b07a4838314da93c4ec8ae283ecd
parent: 3ad49db6eaef0d3f4a0a9bdd3356c6bb9845db57 [diff]
diff --git a/systemd/nfd-status-http-server.service.in b/systemd/nfd-status-http-server.service.in
index fa1469b..95a0563 100644
--- a/systemd/nfd-status-http-server.service.in
+++ b/systemd/nfd-status-http-server.service.in

@@ -31,14 +31,15 @@
 ExecStart=@BINDIR@/nfd-status-http-server $FLAGS
 Restart=on-failure
 RestartPreventExitStatus=2
+User=ndn
 
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 PrivateDevices=yes
 PrivateTmp=yes
-PrivateUsers=yes
 ProtectControlGroups=yes
 ProtectHome=yes
 ProtectKernelModules=yes
commit	48b4587eeec1387af55cb820c6a614fdd41ccf23	[log] [tgz]
author	Davide Pesavento <davidepesa@gmail.com>	Mon Jan 28 22:22:18 2019 -0500
committer	Davide Pesavento <davidepesa@gmail.com>	Mon Jan 28 22:22:18 2019 -0500
tree	c772f7df7a87b07a4838314da93c4ec8ae283ecd
parent	3ad49db6eaef0d3f4a0a9bdd3356c6bb9845db57 [diff]