From c3b62d2f75d70a6a6069f4e6a49c374e2fd52809 Mon Sep 17 00:00:00 2001
From: Holger Weiss <holger@zedat.fu-berlin.de>
Date: Wed, 19 Oct 2016 23:29:46 +0200
Subject: [PATCH] Don't set "NoNewPrivileges" in systemd unit

The "NoNewPrivileges" setting breaks some PAM and extauth setups.

Fixes #1281.
---
 ejabberd.service.template | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/ejabberd.service.template b/ejabberd.service.template
index fdb8fd0b7..4a2635776 100644
--- a/ejabberd.service.template
+++ b/ejabberd.service.template
@@ -12,11 +12,8 @@ ExecStop=@ctlscriptpath@/ejabberdctl stop
 ExecReload=@ctlscriptpath@/ejabberdctl reload_config
 Type=oneshot
 RemainAfterExit=yes
-# The CAP_DAC_OVERRIDE capability is required for pam authentication to work
-CapabilityBoundingSet=CAP_DAC_OVERRIDE
 PrivateDevices=true
 ProtectSystem=full
-NoNewPrivileges=true
 
 [Install]
 WantedBy=multi-user.target