From: Ruben Kerkhof <ruben@rubenkerkhof.com>
Date: Wed, 4 Feb 2015 10:04:43 +0000 (+0100)
Subject: Drop unneeded capabilities
X-Git-Tag: dnsdist-1.0.0-alpha1~306^2~4^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b37a90b403ef8fdaf2def8e4c96b8cdf3857881;p=thirdparty%2Fpdns.git

Drop unneeded capabilities

The recursor only needs CAP_NET_BIND_SERVICE
to bind to port 53
---

diff --git a/contrib/systemd-pdns-recursor.service b/contrib/systemd-pdns-recursor.service
index e117604ad4..987dd05434 100644
--- a/contrib/systemd-pdns-recursor.service
+++ b/contrib/systemd-pdns-recursor.service
@@ -9,6 +9,7 @@ Type=forking
 ExecStart=/usr/sbin/pdns_recursor --daemon
 PrivateTmp=true
 PrivateDevices=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 
 [Install]
 WantedBy=multi-user.target