journal: add CAP_SETUID and CAP_SETGID to capabilities for journald, so that we can fake SCM_CREDENTIALS

2012-02-10 15:45:26 +01:00 · 2012-02-10 15:45:26 +01:00 · cabca20b1a
parent 5c72face73
commit cabca20b1a
1 changed files with 1 additions and 1 deletions
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@ -18,7 +18,7 @@ After=syslog.socket
 ExecStart=@rootlibexecdir@/systemd-journald
 NotifyAccess=all
 StandardOutput=null
-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID

 # Increase the default a bit in order to allow many simultaneous
 # services being run since we keep one fd open per service.