From 8b6e9c88cb26fa5b78a3aa0463458176a17dfecf Mon Sep 17 00:00:00 2001
From: Ruben Kerkhof <ruben@rubenkerkhof.com>
Date: Thu, 19 Feb 2015 20:45:27 +0100
Subject: [PATCH] recursor needs capability to switch user and group

---
 contrib/systemd-pdns-recursor.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/systemd-pdns-recursor.service b/contrib/systemd-pdns-recursor.service
index 83980c1591..903cd2c7d3 100644
--- a/contrib/systemd-pdns-recursor.service
+++ b/contrib/systemd-pdns-recursor.service
@@ -10,7 +10,7 @@ Type=forking
 ExecStart=/usr/sbin/pdns_recursor --daemon
 PrivateTmp=true
 PrivateDevices=true
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID
 NoNewPrivileges=true
 ProtectSystem=full
 ProtectHome=true
-- 
2.47.2