From bc5cb1d525461c75e69ce1f82a52e223309cca7c Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 19 Jul 2013 03:49:24 +0200
Subject: [PATCH] machined: run machined at minimal capabilities

---
 units/systemd-machined.service.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
index 87a81b9c8..26bfe0353 100644
--- a/units/systemd-machined.service.in
+++ b/units/systemd-machined.service.in
@@ -17,3 +17,4 @@ ExecStart=@rootlibexecdir@/systemd-machined
 Restart=always
 RestartSec=0
 BusName=org.freedesktop.machine1
+CapabilityBoundingSet=CAP_KILL
-- 
2.30.2