From: Vladimír Čunát Date: Thu, 27 Oct 2022 15:31:07 +0000 (+0200) Subject: doc XDP: update the list of required capabilities X-Git-Tag: v5.6.0~15^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=818efcae100da92d939ef1095f04fe378370d159;p=thirdparty%2Fknot-resolver.git doc XDP: update the list of required capabilities We're the same as knotd in this; it evolved a bit with libknot and kernel versions. Taken from: https://www.knot-dns.cz/docs/3.2/singlehtml/#mode-xdp-pre-requisites --- diff --git a/daemon/bindings/net_xdpsrv.rst b/daemon/bindings/net_xdpsrv.rst index 1abc9d361..e3014feca 100644 --- a/daemon/bindings/net_xdpsrv.rst +++ b/daemon/bindings/net_xdpsrv.rst @@ -57,8 +57,10 @@ And insert these lines: .. code-block:: ini [Service] - CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE - AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE + CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE + AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE + +The ``CAP_SYS_RESOURCE`` is only needed on Linux < 5.11. .. TODO suggest some way for ethtool -L? Perhaps via systemd units?
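Review bot: the added sentence says ``CAP_SYS_RESOURCE`` is only needed on Linux < 5.11, yet the ``[Service]`` example still grants it unconditionally in both ``CapabilityBoundingSet=`` and ``AmbientCapabilities=``. Readers who copy the snippet on a newer kernel keep a capability the text itself calls unnecessary. Consider stating explicitly that it can be removed from both lines on Linux 5.11 and later, or showing the two variants separately. The newly added ``CAP_IPC_LOCK`` also comes with no explanation in the documentation text. A short sentence on what each capability is needed for, as the commit message says the upstream knotd pre-requisites page was the source, would let operators judge the grant rather than copy it, which matters most for ``CAP_SYS_ADMIN``. Minor wording: "The ``CAP_SYS_RESOURCE`` is only needed" reads better without the leading article.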