From 970f340de5c002f0fad106fa8503a29bcda9bfae Mon Sep 17 00:00:00 2001
From: Roman Hochuli <roman.hochuli@nexellent.ch>
Date: Fri, 22 Apr 2016 11:21:40 +0200
Subject: [PATCH] fixing #3749

---
 contrib/systemd-pdns.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/systemd-pdns.service b/contrib/systemd-pdns.service
index 3d54e32202..422ab898d3 100644
--- a/contrib/systemd-pdns.service
+++ b/contrib/systemd-pdns.service
@@ -11,7 +11,7 @@ Restart=on-failure
 StartLimitInterval=0
 PrivateTmp=true
 PrivateDevices=true
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT
 NoNewPrivileges=true
 # ProtectSystem=full will disallow write access to /etc and /usr, possibly
 # not being able to write slaved-zones into sqlite3 or zonefiles.
-- 
2.47.2