From 81fd1dc71c9430bdc6e39c204a26fb92c94e3607 Mon Sep 17 00:00:00 2001
From: Maryse47 <41080948+Maryse47@users.noreply.github.com>
Date: Tue, 23 Sep 2025 17:13:31 +0200
Subject: [PATCH] unbound.service.in: drop CAP_NET_RAW

CAP_NET_RAW is unnecessary after CAP_NET_ADMIN was added
---
 contrib/unbound.service.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in
index 45101f612..b05e2c959 100644
--- a/contrib/unbound.service.in
+++ b/contrib/unbound.service.in
@@ -59,7 +59,7 @@ ExecReload=+/bin/kill -HUP $MAINPID
 ExecStart=@UNBOUND_SBIN_DIR@/unbound -d -p
 NotifyAccess=main
 Type=notify
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_RAW CAP_NET_ADMIN
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_ADMIN
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
 PrivateDevices=true
-- 
2.47.3