mountfsd: Add CAP_SYS_PTRACE and CAP_SYS_CHROOT

author Daan De Meyer <daan@amutable.com>

Fri, 20 Mar 2026 13:14:28 +0000 (14:14 +0100)

committer Daan De Meyer <daan.j.demeyer@gmail.com>

Fri, 20 Mar 2026 18:19:10 +0000 (19:19 +0100)
author Daan De Meyer <daan@amutable.com>
Fri, 20 Mar 2026 13:14:28 +0000 (14:14 +0100)
committer Daan De Meyer <daan.j.demeyer@gmail.com>
Fri, 20 Mar 2026 18:19:10 +0000 (19:19 +0100)
diff --git a/units/systemd-mountfsd.service.in b/units/systemd-mountfsd.service.in

index 73105007f925fbee17b1b46e00c9dc92743680f3..1e996a0def8324ae16befeca7ecda58ce56379c5 100644 (file)
--- a/units/systemd-mountfsd.service.in
+++ b/units/systemd-mountfsd.service.in
@@ -18,7 +18,7 @@ Before=sysinit.target shutdown.target
  DefaultDependencies=no
  
  [Service]
-CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_RESOURCE CAP_BPF CAP_PERFMON CAP_SETGID CAP_SETUID CAP_DAC_OVERRIDE CAP_CHOWN CAP_SYS_ADMIN
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_RESOURCE CAP_BPF CAP_PERFMON CAP_SETGID CAP_SETUID CAP_DAC_OVERRIDE CAP_CHOWN CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYS_CHROOT
  ExecStart={{LIBEXECDIR}}/systemd-mountfsd
  IPAddressDeny=any
  LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
author	Daan De Meyer <daan@amutable.com>
	Fri, 20 Mar 2026 13:14:28 +0000 (14:14 +0100)
committer	Daan De Meyer <daan.j.demeyer@gmail.com>
	Fri, 20 Mar 2026 18:19:10 +0000 (19:19 +0100)