- For #1350, same CAP_NET_ADMIN change for unbound_portable.service.in

  as well.

diff --git a/contrib/unbound_portable.service.in b/contrib/unbound_portable.service.in
index 22cd4463861a8d7c66fcfb85c738ae9dc16164d0..d03197d5539e24ce3afa59c72c42f6e00f419d18 100644 (file)
--- a/contrib/unbound_portable.service.in
+++ b/contrib/unbound_portable.service.in
@@ -26,7 +26,7 @@ ExecReload=+/bin/kill -HUP $MAINPID
 ExecStart=@UNBOUND_SBIN_DIR@/unbound -d -p
 NotifyAccess=main
 Type=notify
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_RAW
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_ADMIN
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
 PrivateDevices=true

diff --git a/doc/Changelog b/doc/Changelog
index f66a9f34ce7a1f08d38e8805567e29e24c89bcac..579eaf81b4def0a9cb13fd502ad78839d528cc01 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,8 @@
          pythonmod_init.
        - For #1352, align with the current Python<3 code.
        - Merge #1350 from Maryse47: unbound.service.in: allow CAP_NET_ADMIN.
+       - For #1350, same CAP_NET_ADMIN change for unbound_portable.service.in
+         as well.
 
 19 September 2025: Wouter
        - Fix to remove configure~ from release tarballs.