From 6c2edcf7387b086dc9594c4acbe5df4509b5e4ff Mon Sep 17 00:00:00 2001
From: Tim Meusel <tim@bastelfreak.de>
Date: Fri, 9 Dec 2016 13:43:16 +0100
Subject: [PATCH] add caps

---
 ext/marmoset_with_cap.service                      | 14 ++++++++++++++
 ...rmoset.service => marmoset_without_cap.service} |  0
 2 files changed, 14 insertions(+)
 create mode 100644 ext/marmoset_with_cap.service
 rename ext/{marmoset.service => marmoset_without_cap.service} (100%)

diff --git a/ext/marmoset_with_cap.service b/ext/marmoset_with_cap.service
new file mode 100644
index 0000000..a8116af
--- /dev/null
+++ b/ext/marmoset_with_cap.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=marmoset API
+After=network.target
+
+[Service]
+WorkingDirectory=/home/marmoset/marmoset
+ExecStart=/home/marmoset/marmoset/prod/bin/python3 /home/marmoset/marmoset/marmoset.py server
+User=marmoset
+Group=marmoset
+PrivateTmp=true
+AmbientCapabilities=CAP_LINUX_IMMUTABLE
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ext/marmoset.service b/ext/marmoset_without_cap.service
similarity index 100%
rename from ext/marmoset.service
rename to ext/marmoset_without_cap.service