From 4d134914153601c67894d859fd5476290a16ab5a Mon Sep 17 00:00:00 2001
From: William Desportes <williamdes@wdes.fr>
Date: Sat, 1 Mar 2025 15:50:32 +0100
Subject: [PATCH] Document binding port 80

---
 snow-scanner/debian/snow-scanner-worker.service | 3 +++
 snow-scanner/debian/snow-scanner.service        | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/snow-scanner/debian/snow-scanner-worker.service b/snow-scanner/debian/snow-scanner-worker.service
index ebd9b21..3e6ab32 100644
--- a/snow-scanner/debian/snow-scanner-worker.service
+++ b/snow-scanner/debian/snow-scanner-worker.service
@@ -55,6 +55,9 @@ SystemCallArchitectures=native
 # Allow icmp
 #AmbientCapabilities=CAP_NET_RAW
 
+# Add this one for ports < 1024
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+
 # sets up a new /dev/ mount for the executed processes and only adds API pseudo devices such as /dev/null, /dev/zero or /dev/random to it,
 # but no physical devices such as /dev/sda, system memory /dev/mem, system ports /dev/port and others.
 # This is useful to turn off physical device access by the executed process
diff --git a/snow-scanner/debian/snow-scanner.service b/snow-scanner/debian/snow-scanner.service
index 37fe1e2..dfaceee 100644
--- a/snow-scanner/debian/snow-scanner.service
+++ b/snow-scanner/debian/snow-scanner.service
@@ -55,6 +55,9 @@ SystemCallArchitectures=native
 # Allow icmp
 #AmbientCapabilities=CAP_NET_RAW
 
+# Add this one for ports < 1024
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+
 # sets up a new /dev/ mount for the executed processes and only adds API pseudo devices such as /dev/null, /dev/zero or /dev/random to it,
 # but no physical devices such as /dev/sda, system memory /dev/mem, system ports /dev/port and others.
 # This is useful to turn off physical device access by the executed process