chiark / gitweb /
resolved: run as unpriviliged "systemd-resolve" user
[elogind.git] / units / systemd-resolved.service.in
index f4bbb7c..9d422ca 100644 (file)
@@ -15,7 +15,7 @@ Type=notify
 Restart=always
 RestartSec=0
 ExecStart=@rootlibexecdir@/systemd-resolved
-CapabilityBoundingSet=
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
 
 [Install]
 WantedBy=multi-user.target