From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 10 Feb 2012 14:45:26 +0000 (+0100)
Subject: journal: add CAP_SETUID and CAP_SETGID to capabilities for journald, so that we can... 
X-Git-Tag: v42~9
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=cabca20b1abe646cd57655effbc3a0516b78797f

journal: add CAP_SETUID and CAP_SETGID to capabilities for journald, so that we can fake SCM_CREDENTIALS
---

diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index c153d472c..92606b0d8 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -18,7 +18,7 @@ After=syslog.socket
 ExecStart=@rootlibexecdir@/systemd-journald
 NotifyAccess=all
 StandardOutput=null
-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID
 
 # Increase the default a bit in order to allow many simultaneous
 # services being run since we keep one fd open per service.