Add AmbientCapabilities for all.

debian/shadowsocks-libev-local@.service

@@ -17,6 +17,7 @@ After=network.target
 [Service]
 Type=simple
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 ExecStart=/usr/bin/ss-local -c /etc/shadowsocks-libev/%i.json
 
 [Install]

debian/shadowsocks-libev-redir@.service

@@ -17,6 +17,7 @@ After=network.target
 [Service]
 Type=simple
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks-libev/%i.json
 
 [Install]

debian/shadowsocks-libev-server@.service

@@ -17,6 +17,7 @@ After=network.target
 [Service]
 Type=simple
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 ExecStart=/usr/bin/ss-server -c /etc/shadowsocks-libev/%i.json
 
 [Install]

debian/shadowsocks-libev-tunnel@.service

@@ -17,6 +17,7 @@ After=network.target
 [Service]
 Type=simple
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 ExecStart=/usr/bin/ss-tunnel -c /etc/shadowsocks-libev/%i.json
 
 [Install]

debian/shadowsocks-libev.service

@@ -16,6 +16,7 @@ After=network.target
 [Service]
 Type=simple
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 EnvironmentFile=/etc/default/shadowsocks-libev
 User=nobody
 Group=nogroup