From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 12 Nov 2018 16:57:45 +0000 (+0100)
Subject: logind: drop CAP_KILL from caps bounding set
X-Git-Tag: v240~338^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1bded6b28fe13a06eba4882890dd0ffc7739e201;p=thirdparty%2Fsystemd.git

logind: drop CAP_KILL from caps bounding set

logind doesn't kill any processes anymore, hence let's drop the
capability.
---

diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index 38a7f269aca..ff1fd96765a 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -21,7 +21,7 @@ After=dbus.socket
 
 [Service]
 BusName=org.freedesktop.login1
-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
 ExecStart=@rootlibexecdir@/systemd-logind
 FileDescriptorStoreMax=512
 IPAddressDeny=any