doc XDP: update the list of required capabilities

We're the same as knotd in this; it evolved a bit
with libknot and kernel versions.  Taken from:
https://www.knot-dns.cz/docs/3.2/singlehtml/#mode-xdp-pre-requisites

diff --git a/daemon/bindings/net_xdpsrv.rst b/daemon/bindings/net_xdpsrv.rst
index 1abc9d36142062d5be71b85cca94bd4fea3a71b5..e3014feca44125b1c62ace36523ac37777794353 100644 (file)
--- a/daemon/bindings/net_xdpsrv.rst
+++ b/daemon/bindings/net_xdpsrv.rst
@@ -57,8 +57,10 @@ And insert these lines:
 .. code-block:: ini
 
        [Service]
-       CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE
-       AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE
+        CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE
+        AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE
+
+The ``CAP_SYS_RESOURCE`` is only needed on Linux < 5.11.
 
 .. TODO suggest some way for ethtool -L?  Perhaps via systemd units?