From fee8491a8e135446cc36af4613f2bbbe3011ddeb Mon Sep 17 00:00:00 2001
From: yrutschle
Date: Wed, 10 Apr 2024 18:39:07 +0200
Subject: [PATCH] remove useless capabilities and use standard environment in systemd
---
 scripts/systemd.sslh-select@.service | 4 ++--
 scripts/systemd.sslh@.service | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/systemd.sslh-select@.service b/scripts/systemd.sslh-select@.service
index a85c6e2e..bbfe0734 100644
--- a/scripts/systemd.sslh-select@.service
+++ b/scripts/systemd.sslh-select@.service
@@ -3,12 +3,12 @@ Description=SSL/SSH multiplexer (select mode) for %I
 After=network.target
 [Service]
-EnvironmentFile=/etc/conf.d/sslh
+EnvironmentFile=/etc/default/sslh
 ExecStart=/usr/sbin/sslh-select -F/etc/sslh/%I.cfg -f $DAEMON_OPTS
 KillMode=process
 #Hardening
 PrivateTmp=true
-CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 SecureBits=noroot-locked
 ProtectSystem=strict
diff --git a/scripts/systemd.sslh@.service b/scripts/systemd.sslh@.service
index ad4561b5..82251cc0 100644
--- a/scripts/systemd.sslh@.service
+++ b/scripts/systemd.sslh@.service
@@ -3,7 +3,7 @@ Description=SSL/SSH multiplexer (fork mode) for %I
 After=network.target
 [Service]
-EnvironmentFile=/etc/conf.d/sslh
+EnvironmentFile=/etc/default/sslh
 ExecStart=/usr/sbin/sslh -F/etc/sslh/%I.cfg -f $DAEMON_OPTS
 KillMode=process
 #Hardening
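Review bot: With CAP_SETUID and CAP_SETGID removed from `CapabilityBoundingSet=`, the select-mode service can no longer change identity on its own, and the unit does not say where the unprivileged account is supposed to come from. No `User=` or `DynamicUser=` line is visible in this hunk (the [Service] section continues below it), so the change presumably relies on one further down. If so, a comment above the line such as `# sslh cannot setuid/setgid here: the run-as account must come from User=, not from -u in DAEMON_OPTS or user: in %I.cfg` would stop an operator from configuring a privilege drop that would presumably now fail at start. Separately, `EnvironmentFile=/etc/default/sslh` (here and in the fork-mode unit) is mandatory as written, so hosts that only have /etc/conf.d/sslh will fail to start the unit; `EnvironmentFile=-/etc/default/sslh` makes the file optional.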
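Review bot: The fork-mode unit receives only the `EnvironmentFile=` path change, although the commit subject also announces a capability reduction. Its hardening block starts at `#Hardening` and continues outside the hunk, so it is not visible whether that unit still grants CAP_SETGID and CAP_SETUID; if it does, the two templates now differ in privilege with no stated reason. Either apply `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` there as well, or add a comment in the fork-mode unit saying why it needs the wider bounding set.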