From 96a407a2435213a1b9a7e1f6373955fdce743d60 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Sun, 11 Jan 2015 11:26:08 -0500
Subject: [PATCH] systemd changes for 13805 as recommened by Tomasz on that ticket.
---
 contrib/dist/tor.service.in | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/contrib/dist/tor.service.in b/contrib/dist/tor.service.in
index d7bf611846..93be702401 100644
--- a/contrib/dist/tor.service.in
+++ b/contrib/dist/tor.service.in
@@ -6,7 +6,7 @@ After = syslog.target network.target nss-lookup.target
 Type = notify
 NotifyAccess = all
 ExecStartPre = @BINDIR@/tor -f @CONFDIR@/torrc --verify-config
-ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc
+ExecStart = @BINDIR@/tor -f @CONFDIR@/torrc
 ExecReload = /bin/kill -HUP ${MAINPID}
 KillSignal = SIGINT
 TimeoutSec = 30
@@ -22,8 +22,9 @@ ProtectSystem = full
 ReadOnlyDirectories = /
 ReadWriteDirectories = -@LOCALSTATEDIR@/lib/tor
 ReadWriteDirectories = -@LOCALSTATEDIR@/log/tor
-ReadWriteDirectories = -@LOCALSTATEDIR@/run/tor
 NoNewPrivileges = yes
+ReadWriteDirectories = -@LOCALSTATEDIR@/run/tor
+CapabilityBoundingSet = CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
 
 [Install]
 WantedBy = multi-user.target
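Review bot: The new `CapabilityBoundingSet` line in the second hunk carries no comment saying why each of the three capabilities is kept, and the set applies to `ExecStartPre` as well as `ExecStart`. If the unit starts tor as root and tor then switches to an unprivileged user (presumably why CAP_SETUID and CAP_SETGID are retained), root no longer holds CAP_DAC_OVERRIDE or CAP_DAC_READ_SEARCH, so `--verify-config` and startup may fail to read a torrc or data directory owned by that user with a restrictive mode; this is worth testing on a packaged install. I would add a comment above the line such as `# setuid/setgid: switch to the unprivileged user; net_bind_service: bind ports below 1024`. Moving the `run/tor` `ReadWriteDirectories` line below `NoNewPrivileges` also separates it from the other two directory lines, and as far as I can tell the order of these directives has no functional effect, so keeping the three together would read better.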