From 3f34a935b976b67f2ec761be3dade804fc38f91a Mon Sep 17 00:00:00 2001
From: Alexey Avramov
Date: Mon, 11 May 2020 14:17:18 +0900
Subject: [PATCH] fix #94

---
 nohang/nohang-desktop.service.in | 3 ++-
 nohang/nohang.service.in | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/nohang/nohang-desktop.service.in b/nohang/nohang-desktop.service.in
index 5758507..4e88fad 100644
--- a/nohang/nohang-desktop.service.in
+++ b/nohang/nohang-desktop.service.in
@@ -35,8 +35,9 @@ LockPersonality=yes
 # CAP_IPC_LOCK is required to mlockall()
 # CAP_SYS_PTRACE is required to check /proc/[pid]/exe realpathes
 # CAP_DAC_READ_SEARCH is required to read /proc/[pid]/environ files
+# CAP_DAC_OVERRIDE fixes #94
 # CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE are required to send GUI notifications
-CapabilityBoundingSet=CAP_KILL CAP_IPC_LOCK CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
+CapabilityBoundingSet=CAP_KILL CAP_IPC_LOCK CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
 
 # `PrivateNetwork=true` breaks GUI notifications on oldstable distros (Debian 8, CentOS 7, Linux Mint 18)
 # On modern distros you can set PrivateNetwork=true for security reasons
diff --git a/nohang/nohang.service.in b/nohang/nohang.service.in
index b880ad7..7cd33a8 100644
--- a/nohang/nohang.service.in
+++ b/nohang/nohang.service.in
@@ -35,8 +35,9 @@ LockPersonality=yes
 # CAP_IPC_LOCK is required to mlockall()
 # CAP_SYS_PTRACE is required to check /proc/[pid]/exe realpathes
 # CAP_DAC_READ_SEARCH is required to read /proc/[pid]/environ files
+# CAP_DAC_OVERRIDE fixes #94
 # CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE are required to send GUI notifications
-CapabilityBoundingSet=CAP_KILL CAP_IPC_LOCK CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
+CapabilityBoundingSet=CAP_KILL CAP_IPC_LOCK CAP_SYS_PTRACE CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_AUDIT_WRITE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
 
 # `PrivateNetwork=true` breaks GUI notifications on oldstable distros (Debian 8, CentOS 7, Linux Mint 18)
 # On modern distros you can set PrivateNetwork=true for security reasons
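Review bot: The added comment `# CAP_DAC_OVERRIDE fixes #94` cites an issue number but not the operation that needs the capability, whereas every neighbouring comment states what its capability is used for. CAP_DAC_OVERRIDE bypasses file read, write and execute permission checks, so it is a considerably wider grant than the CAP_DAC_READ_SEARCH already listed in `CapabilityBoundingSet=`, and it now sits alongside CAP_SYS_PTRACE and CAP_SETUID in the same set. I would record the failing access in the comment itself, e.g. `# CAP_DAC_OVERRIDE is required to <operation that failed in #94>`, so a later hardening pass can tell whether the grant is still needed. If that access turns out to be one known path, adjusting its ownership or mode may be preferable to widening the bounding set; the patch does not show enough to say. The same applies to the identical hunk in nohang/nohang-desktop.service.in.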