From: Roman Hochuli <roman.hochuli@nexellent.ch>
Date: Fri, 22 Apr 2016 09:19:41 +0000 (+0200)
Subject: fixing #3748
X-Git-Tag: rec-4.0.0-alpha3~50^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7ad6d968ce3e5d4804f860f821a5f774f1cee854;p=thirdparty%2Fpdns.git

fixing #3748
---

diff --git a/contrib/systemd-pdns.service b/contrib/systemd-pdns.service
index a60298c766..3d54e32202 100644
--- a/contrib/systemd-pdns.service
+++ b/contrib/systemd-pdns.service
@@ -11,7 +11,7 @@ Restart=on-failure
 StartLimitInterval=0
 PrivateTmp=true
 PrivateDevices=true
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
 NoNewPrivileges=true
 # ProtectSystem=full will disallow write access to /etc and /usr, possibly
 # not being able to write slaved-zones into sqlite3 or zonefiles.