From: Roman Hochuli Date: Fri, 22 Apr 2016 09:21:40 +0000 (+0200) Subject: fixing #3749 X-Git-Tag: rec-4.0.0-alpha3~50^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F3751%2Fhead;p=thirdparty%2Fpdns.git fixing #3749 --- diff --git a/contrib/systemd-pdns.service b/contrib/systemd-pdns.service index 3d54e32202..422ab898d3 100644 --- a/contrib/systemd-pdns.service +++ b/contrib/systemd-pdns.service @@ -11,7 +11,7 @@ Restart=on-failure StartLimitInterval=0 PrivateTmp=true PrivateDevices=true -CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT NoNewPrivileges=true # ProtectSystem=full will disallow write access to /etc and /usr, possibly # not being able to write slaved-zones into sqlite3 or zonefiles.