journal: add CAP_SETUID and CAP_SETGID to capabilities for journald, so that we can fake SCM_CREDENTIALS
This commit is contained in:
parent
5c72face73
commit
cabca20b1a
|
@ -18,7 +18,7 @@ After=syslog.socket
|
|||
ExecStart=@rootlibexecdir@/systemd-journald
|
||||
NotifyAccess=all
|
||||
StandardOutput=null
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID
|
||||
|
||||
# Increase the default a bit in order to allow many simultaneous
|
||||
# services being run since we keep one fd open per service.
|
||||
|
|
Loading…
Reference in a new issue