unbound.service.in: allow CAP_NET_ADMIN

author Maryse47 <41080948+Maryse47@users.noreply.github.com>

Tue, 23 Sep 2025 11:00:50 +0000 (13:00 +0200)

committer GitHub <noreply@github.com>

Tue, 23 Sep 2025 11:00:50 +0000 (13:00 +0200)
author Maryse47 <41080948+Maryse47@users.noreply.github.com>
Tue, 23 Sep 2025 11:00:50 +0000 (13:00 +0200)
committer GitHub <noreply@github.com>
Tue, 23 Sep 2025 11:00:50 +0000 (13:00 +0200)
diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in

index cc8d0ed2dab377446f897592c5375b90123cdeda..45101f61268f590a3549145514cba625fd3e68c5 100644 (file)
--- a/contrib/unbound.service.in
+++ b/contrib/unbound.service.in
@@ -59,7 +59,7 @@ ExecReload=+/bin/kill -HUP $MAINPID
  ExecStart=@UNBOUND_SBIN_DIR@/unbound -d -p
  NotifyAccess=main
  Type=notify
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_RAW
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_RAW CAP_NET_ADMIN
  MemoryDenyWriteExecute=true
  NoNewPrivileges=true
  PrivateDevices=true
author	Maryse47 <41080948+Maryse47@users.noreply.github.com>
	Tue, 23 Sep 2025 11:00:50 +0000 (13:00 +0200)
committer	GitHub <noreply@github.com>
	Tue, 23 Sep 2025 11:00:50 +0000 (13:00 +0200)