diff options
| author | Tom Gundersen <teg@jklm.no> | 2014-06-01 22:01:20 +0100 |
|---|---|---|
| committer | Tom Gundersen <teg@jklm.no> | 2014-06-03 10:40:28 +0200 |
| commit | 682265d5e2157882861b0091c6b81fa92699b72a (patch) | |
| tree | dde1a99c7c4df2c673f4dabe02b7b6ba8409aede /units | |
| parent | 0bbea466dcafc0ff51811a3bc451e983c02e63bf (diff) | |
resolved: run as unpriviliged "systemd-resolve" user
This service is not yet network facing, but let's prepare nonetheless.
Currently all caps are dropped, but some may need to be kept in the
future.
Diffstat (limited to 'units')
| -rw-r--r-- | units/systemd-resolved.service.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in index f4bbb7c16..9d422ca7f 100644 --- a/units/systemd-resolved.service.in +++ b/units/systemd-resolved.service.in @@ -15,7 +15,7 @@ Type=notify Restart=always RestartSec=0 ExecStart=@rootlibexecdir@/systemd-resolved -CapabilityBoundingSet= +CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER [Install] WantedBy=multi-user.target |