recursor needs capability to switch user and group

author Ruben Kerkhof <ruben@rubenkerkhof.com>

Thu, 19 Feb 2015 19:45:27 +0000 (20:45 +0100)

committer Ruben Kerkhof <ruben@rubenkerkhof.com>

Thu, 19 Feb 2015 19:45:27 +0000 (20:45 +0100)
author Ruben Kerkhof <ruben@rubenkerkhof.com>
Thu, 19 Feb 2015 19:45:27 +0000 (20:45 +0100)
committer Ruben Kerkhof <ruben@rubenkerkhof.com>
Thu, 19 Feb 2015 19:45:27 +0000 (20:45 +0100)
diff --git a/contrib/systemd-pdns-recursor.service b/contrib/systemd-pdns-recursor.service

index 83980c1591af411c13807640e5bcba2d0234ded8..903cd2c7d389735e3afb5f0299c61e7a003c11e4 100644 (file)
--- a/contrib/systemd-pdns-recursor.service
+++ b/contrib/systemd-pdns-recursor.service
@@ -10,7 +10,7 @@ Type=forking
  ExecStart=/usr/sbin/pdns_recursor --daemon
  PrivateTmp=true
  PrivateDevices=true
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID
  NoNewPrivileges=true
  ProtectSystem=full
  ProtectHome=true
author	Ruben Kerkhof <ruben@rubenkerkhof.com>
	Thu, 19 Feb 2015 19:45:27 +0000 (20:45 +0100)
committer	Ruben Kerkhof <ruben@rubenkerkhof.com>
	Thu, 19 Feb 2015 19:45:27 +0000 (20:45 +0100)