git.ipfire.org Git - thirdparty/unbound.git/commit
Downgrade CAP_NET_ADMIN to CAP_NET_RAW in unbound.service 82/head
author Pascal Ernster <github@hardfalcon.net>
Fri, 20 Sep 2019 04:47:56 +0000 (04:47 +0000)
committer GitHub <noreply@github.com>
Fri, 20 Sep 2019 04:47:56 +0000 (04:47 +0000)
commit ae2d5276d27f16044382ce49eb2e2459e073e619
tree 62e9fefb00d6c202f216c4e89c446241ece8119b
parent 1dcc88b6e83246988df0520b41b29d27a83f5895
Downgrade CAP_NET_ADMIN to CAP_NET_RAW in unbound.service

Since kernel 3.2, CAP_NET_RAW instead of CAP_NET_ADMIN is sufficient to allow for the usage of the IP_TRANSPARENT socket option. CAP_NET_ADMIN allows far more mayhem than CAP_NET_RAW, so prefer the safer, more restrictive solution.
contrib/unbound.service.in
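To confirm on a given host that a service holding only CAP_NET_RAW can still set IP_TRANSPARENT, as the commit message states, the following added example (not part of the commit or of unbound) decodes the effective capability mask and attempts the socket option. The function names and the sample status text used to exercise the parser are constructed for illustration; the capability bit numbers are the Linux values.

```c
/* Added example: does the effective capability set permit IP_TRANSPARENT? */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19          /* Linux value, in case libc omits it */
#endif
#define BIT_CAP_NET_ADMIN 12       /* Linux capability numbers */
#define BIT_CAP_NET_RAW   13

/* Extract the CapEff mask from /proc/<pid>/status text; 0 if not found. */
unsigned long long parse_capeff(const char *status)
{
    const char *p = strstr(status, "CapEff:");
    unsigned long long mask = 0;
    if (p && sscanf(p + 7, "%llx", &mask) == 1)
        return mask;
    return 0;
}

int has_cap(unsigned long long mask, int cap)
{
    return (int)((mask >> cap) & 1ULL);
}

/* Either capability passes the check; CAP_NET_RAW is the narrower grant. */
int transparent_allowed(unsigned long long mask)
{
    return has_cap(mask, BIT_CAP_NET_RAW) || has_cap(mask, BIT_CAP_NET_ADMIN);
}

/* Real attempt: 1 = option accepted, 0 = refused, -1 = socket() failed. */
int try_ip_transparent(void)
{
    int one = 1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    int rc = setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof one);
    close(fd);
    return rc == 0;
}

int main(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    unsigned long long eff = parse_capeff(buf);
    printf("CAP_NET_RAW=%d CAP_NET_ADMIN=%d predicted=%d actual=%d\n",
           has_cap(eff, BIT_CAP_NET_RAW), has_cap(eff, BIT_CAP_NET_ADMIN),
           transparent_allowed(eff), try_ip_transparent());
    return 0;
}
```

Run it under the same capability set as the service; predicted and actual can differ inside a user namespace, where the kernel evaluates the capability against the namespace that owns the network namespace.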