units: set capability bounding set for syslog services
This commit is contained in:
parent
ec8b119434
commit
9534ce5485
12
TODO
12
TODO
|
@ -25,12 +25,18 @@ F15:
|
||||||
* don't trim empty cgroups
|
* don't trim empty cgroups
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=678555
|
https://bugzilla.redhat.com/show_bug.cgi?id=678555
|
||||||
|
|
||||||
* drop cap bounding set in logger, hostnamed, readahead, ...
|
|
||||||
|
|
||||||
* make anaconda write timeout=0 for encrypted devices
|
* make anaconda write timeout=0 for encrypted devices
|
||||||
|
|
||||||
|
* Fix assert http://lists.freedesktop.org/archives/systemd-devel/2011-April/001910.html
|
||||||
|
|
||||||
Features:
|
Features:
|
||||||
|
|
||||||
|
* maybe lower default timeout to 2min?
|
||||||
|
|
||||||
|
* GC unreferenced jobs (such as .device jobs)
|
||||||
|
|
||||||
|
* support wildcard expansion in ListeStream= and friends
|
||||||
|
|
||||||
* Add ListenSpecial to .socket units for /proc/kmsg and similar friends?
|
* Add ListenSpecial to .socket units for /proc/kmsg and similar friends?
|
||||||
|
|
||||||
* avoid DefaultStandardOutput=syslog to have any effect on StandardInput=socket services
|
* avoid DefaultStandardOutput=syslog to have any effect on StandardInput=socket services
|
||||||
|
@ -205,6 +211,8 @@ Features:
|
||||||
|
|
||||||
* allow runtime changing of log level and target
|
* allow runtime changing of log level and target
|
||||||
|
|
||||||
|
* drop cap bounding set in readahead and other services
|
||||||
|
|
||||||
External:
|
External:
|
||||||
|
|
||||||
* udisks should not use udisks-part-id, instead use blkid. also not probe /dev/loopxxx
|
* udisks should not use udisks-part-id, instead use blkid. also not probe /dev/loopxxx
|
||||||
|
|
|
@ -16,3 +16,4 @@ ExecStart=@rootlibexecdir@/systemd-kmsg-syslogd
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
StandardOutput=null
|
StandardOutput=null
|
||||||
Sockets=syslog.socket
|
Sockets=syslog.socket
|
||||||
|
CapabilityBoundingSet=CAP_DAC_OVERRIDE
|
||||||
|
|
|
@ -17,3 +17,4 @@ After=syslog.socket
|
||||||
ExecStart=@rootlibexecdir@/systemd-logger
|
ExecStart=@rootlibexecdir@/systemd-logger
|
||||||
NotifyAccess=all
|
NotifyAccess=all
|
||||||
StandardOutput=null
|
StandardOutput=null
|
||||||
|
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SETUID CAP_SETGID
|
||||||
|
|
Loading…
Reference in New Issue