From b56859af024192c6db1bb94c3cd302b4cfbb15d5 Mon Sep 17 00:00:00 2001
From: Stuart D. Gathman
Date: Aug 10 2016 17:57:02 +0000
Subject: Reduce capability set after some testing.

---

diff --git a/cjdns.sbin.patch b/cjdns.sbin.patch
index 04cc506..21ed3dd 100644
--- a/cjdns.sbin.patch
+++ b/cjdns.sbin.patch
@@ -99,7 +99,7 @@ diff -up ./contrib/systemd/cjdns.service.sbin ./contrib/systemd/cjdns.service
 ProtectHome=true
 ProtectSystem=true
 SyslogIdentifier=cjdroute
-+CapabilityBoundingSet=CAP_SETPCAP CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SYS_CHROOT CAP_AUDIT_CONTROL
++CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SYS_CHROOT CAP_AUDIT_CONTROL
 ExecStartPre=/bin/sh -ec "if ! test -s /etc/cjdroute.conf; \
 then umask 077; \
 - /usr/bin/cjdroute --genconf > /etc/cjdroute.conf; \
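Review bot: The reduced `CapabilityBoundingSet=` on the added line still keeps `CAP_AUDIT_CONTROL`, which lets a process change kernel audit rules or switch auditing off, and nothing in the hunk says why a routing daemon needs it. If testing showed a concrete failure without it, record that next to the setting, e.g. `# CAP_AUDIT_CONTROL: required by <component> (fails with <error> otherwise)`; if not, drop it and re-test. A one-line comment naming what each remaining capability is for (presumably NET_ADMIN/NET_RAW for interface setup and SETUID/SETGID/SYS_CHROOT for the privilege drop; confirm) would make the next reduction easier to review. The rest of the unit lies outside this hunk, so whether other hardening such as `NoNewPrivileges=` is set cannot be judged from here.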