mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
journal: add CAP_SETUID and CAP_SETGID to capabilities for journald, so that we can fake SCM_CREDENTIALS
This commit is contained in:
parent
5c72face73
commit
cabca20b1a
@ -18,7 +18,7 @@ After=syslog.socket
|
||||
ExecStart=@rootlibexecdir@/systemd-journald
|
||||
NotifyAccess=all
|
||||
StandardOutput=null
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID
|
||||
|
||||
# Increase the default a bit in order to allow many simultaneous
|
||||
# services being run since we keep one fd open per service.
|
||||
|
Loading…
Reference in New Issue
Block a user