mountfsd: uncomment CapabilityBoundingSet= line

author Lennart Poettering <lennart@poettering.net>

Sat, 23 Aug 2025 06:08:06 +0000 (08:08 +0200)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Mon, 13 Oct 2025 14:59:40 +0000 (16:59 +0200)
author Lennart Poettering <lennart@poettering.net>
Sat, 23 Aug 2025 06:08:06 +0000 (08:08 +0200)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 13 Oct 2025 14:59:40 +0000 (16:59 +0200)
diff --git a/units/systemd-mountfsd.service.in b/units/systemd-mountfsd.service.in

index 381408da9ccb36e962df3e1d2c40a6b2dec72c19..6fd80359e32dc6f2d58d8c0081c5a03f1b019b17 100644 (file)
--- a/units/systemd-mountfsd.service.in
+++ b/units/systemd-mountfsd.service.in
@@ -18,7 +18,7 @@ Before=sysinit.target shutdown.target
  DefaultDependencies=no
  
  [Service]
-#CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_RESOURCE CAP_BPF CAP_PERFMON CAP_SETGID CAP_SETUID
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_RESOURCE CAP_BPF CAP_PERFMON CAP_SETGID CAP_SETUID CAP_DAC_OVERRIDE CAP_CHOWN CAP_SYS_ADMIN
  ExecStart={{LIBEXECDIR}}/systemd-mountfsd
  IPAddressDeny=any
  LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
author	Lennart Poettering <lennart@poettering.net>
	Sat, 23 Aug 2025 06:08:06 +0000 (08:08 +0200)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Mon, 13 Oct 2025 14:59:40 +0000 (16:59 +0200)