From 2d92b560e4a076f3f34ac4294fc69a7bab22a443 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Tue, 13 Mar 2018 15:55:36 +0100
Subject: use dynamic user and grant capability to bind socket

---
 udp514-journal.service | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/udp514-journal.service b/udp514-journal.service
index 5ae11f8..0157d16 100644
--- a/udp514-journal.service
+++ b/udp514-journal.service
@@ -6,6 +6,8 @@ After=network.target
 [Service]
 Type=notify
 ExecStart=/usr/bin/udp514-journal
+DynamicUser=on
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 ProtectSystem=full
 ProtectHome=on
 PrivateDevices=on
-- 
cgit v1.2.3-54-g00ecf