Remove CAP_NET_ADMIN capability

Kicksecure / apparmor-profile-everything

deprecated - maybe replaced by: `apparmor.d`

https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/484

Other

87 stars 11 forks source link

Remove CAP_NET_ADMIN capability #25

Closed madaidan closed 4 years ago

madaidan commented 4 years ago

So networking still works, we need to use a wrapper script that has the CAP_NET_ADMIN capability and our own networking.service unit to use the wrapper.