fixing #3748

diff --git a/contrib/systemd-pdns.service b/contrib/systemd-pdns.service
index a60298c766a5d107fe295468b56894deb14a56f9..3d54e3220260bfacd0e38894f5db9a6c4033a11f 100644 (file)
--- a/contrib/systemd-pdns.service
+++ b/contrib/systemd-pdns.service
@@ -11,7 +11,7 @@ Restart=on-failure
 StartLimitInterval=0
 PrivateTmp=true
 PrivateDevices=true
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
 NoNewPrivileges=true
 # ProtectSystem=full will disallow write access to /etc and /usr, possibly
 # not being able to write slaved-zones into sqlite3 or zonefiles.