From 43751dfc7f29fbf2c46ffcd4fdb6d3f6db291927 Mon Sep 17 00:00:00 2001
From: Neil Horman <nhorman@gmail.com>
Date: Wed, 12 May 2021 09:26:10 -0400
Subject: [PATCH] drop NoNewPrivs from irqbalance service

A recent update to libcapng is issuing an error in the system log,
caused by the fact that irqbalance attempts to drop capabilities when
the systemd service unit has already done so for us.  Since irqbalance
drops the caps correctly, theres really no need for us to do so via
systemd as well.  So lets drop NoNewCaps in the service unit.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
---
 misc/irqbalance.service | 1 -
 1 file changed, 1 deletion(-)

diff --git a/misc/irqbalance.service b/misc/irqbalance.service
index e7a3336..014798c 100644
--- a/misc/irqbalance.service
+++ b/misc/irqbalance.service
@@ -9,7 +9,6 @@ EnvironmentFile=-/usr/lib/irqbalance/defaults.env
 EnvironmentFile=-/path/to/irqbalance.env
 ExecStart=/usr/sbin/irqbalance --foreground $IRQBALANCE_ARGS
 CapabilityBoundingSet=
-NoNewPrivileges=yes
 ReadOnlyPaths=/
 ReadWritePaths=/proc/irq
 RestrictAddressFamilies=AF_UNIX
-- 
2.31.1