From: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
Date: Tue, 23 Sep 2025 15:42:41 +0000 (+0200)
Subject: - For #1350, same CAP_NET_ADMIN change for unbound_portable.service.in
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=421d317a646bd5d6da3d901ff14ae5710021df56;p=thirdparty%2Funbound.git

- For #1350, same CAP_NET_ADMIN change for unbound_portable.service.in
  as well.
---

diff --git a/contrib/unbound_portable.service.in b/contrib/unbound_portable.service.in
index 22cd44638..d03197d55 100644
--- a/contrib/unbound_portable.service.in
+++ b/contrib/unbound_portable.service.in
@@ -26,7 +26,7 @@ ExecReload=+/bin/kill -HUP $MAINPID
 ExecStart=@UNBOUND_SBIN_DIR@/unbound -d -p
 NotifyAccess=main
 Type=notify
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_RAW
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_ADMIN
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
 PrivateDevices=true
diff --git a/doc/Changelog b/doc/Changelog
index f66a9f34c..579eaf81b 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,8 @@
 	  pythonmod_init.
 	- For #1352, align with the current Python<3 code.
 	- Merge #1350 from Maryse47: unbound.service.in: allow CAP_NET_ADMIN.
+	- For #1350, same CAP_NET_ADMIN change for unbound_portable.service.in
+	  as well.
 
 19 September 2025: Wouter
 	- Fix to remove configure~ from release tarballs.