mountfsd: uncomment CapabilityBoundingSet= line

author Lennart Poettering <lennart@poettering.net>

Sat, 23 Aug 2025 06:08:06 +0000 (08:08 +0200)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Mon, 13 Oct 2025 15:54:07 +0000 (17:54 +0200)
author Lennart Poettering <lennart@poettering.net>
Sat, 23 Aug 2025 06:08:06 +0000 (08:08 +0200)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Mon, 13 Oct 2025 15:54:07 +0000 (17:54 +0200)
diff --git a/units/systemd-mountfsd.service.in b/units/systemd-mountfsd.service.in

index 20a9b425abd272e071beef94849e85e09cdbdabe..c34e5606e2006cd6a136eaf5f02641d41dd6f931 100644 (file)
--- a/units/systemd-mountfsd.service.in
+++ b/units/systemd-mountfsd.service.in
@@ -17,7 +17,7 @@ Before=sysinit.target shutdown.target
  DefaultDependencies=no
  
  [Service]
-#CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_RESOURCE CAP_BPF CAP_PERFMON CAP_SETGID CAP_SETUID
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_RESOURCE CAP_BPF CAP_PERFMON CAP_SETGID CAP_SETUID CAP_DAC_OVERRIDE CAP_CHOWN CAP_SYS_ADMIN
  ExecStart={{LIBEXECDIR}}/systemd-mountfsd
  IPAddressDeny=any
  LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
author	Lennart Poettering <lennart@poettering.net>
	Sat, 23 Aug 2025 06:08:06 +0000 (08:08 +0200)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Mon, 13 Oct 2025 15:54:07 +0000 (17:54 +0200)