From cabca20b1abe646cd57655effbc3a0516b78797f Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 10 Feb 2012 15:45:26 +0100 Subject: [PATCH] journal: add CAP_SETUID and CAP_SETGID to capabilities for journald, so that we can fake SCM_CREDENTIALS --- units/systemd-journald.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in index c153d472c0c..92606b0d884 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in @@ -18,7 +18,7 @@ After=syslog.socket ExecStart=@rootlibexecdir@/systemd-journald NotifyAccess=all StandardOutput=null -CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID # Increase the default a bit in order to allow many simultaneous # services being run since we keep one fd open per service.