summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2011-04-20 03:34:58 +0200
committerLennart Poettering <lennart@poettering.net>2011-04-20 03:34:58 +0200
commit9534ce54858c67363b841cdbdc315140437bfdb4 (patch)
tree587fdca5c1c2e07d7ece458d3597d0abe3d3eef8
parentec8b1194344627d922fb62bfba17edf17c8646d7 (diff)
units: set capability bounding set for syslog services
-rw-r--r--TODO12
-rw-r--r--units/systemd-kmsg-syslogd.service.in1
-rw-r--r--units/systemd-logger.service.in1
3 files changed, 12 insertions, 2 deletions
diff --git a/TODO b/TODO
index 5c4577e374..326acaf837 100644
--- a/TODO
+++ b/TODO
@@ -25,12 +25,18 @@ F15:
* don't trim empty cgroups
https://bugzilla.redhat.com/show_bug.cgi?id=678555
-* drop cap bounding set in logger, hostnamed, readahead, ...
-
* make anaconda write timeout=0 for encrypted devices
+* Fix assert http://lists.freedesktop.org/archives/systemd-devel/2011-April/001910.html
+
Features:
+* maybe lower default timeout to 2min?
+
+* GC unreferenced jobs (such as .device jobs)
+
+* support wildcard expansion in ListeStream= and friends
+
* Add ListenSpecial to .socket units for /proc/kmsg and similar friends?
* avoid DefaultStandardOutput=syslog to have any effect on StandardInput=socket services
@@ -205,6 +211,8 @@ Features:
* allow runtime changing of log level and target
+* drop cap bounding set in readahead and other services
+
External:
* udisks should not use udisks-part-id, instead use blkid. also not probe /dev/loopxxx
diff --git a/units/systemd-kmsg-syslogd.service.in b/units/systemd-kmsg-syslogd.service.in
index aea7583734..b20889e5e5 100644
--- a/units/systemd-kmsg-syslogd.service.in
+++ b/units/systemd-kmsg-syslogd.service.in
@@ -16,3 +16,4 @@ ExecStart=@rootlibexecdir@/systemd-kmsg-syslogd
NotifyAccess=all
StandardOutput=null
Sockets=syslog.socket
+CapabilityBoundingSet=CAP_DAC_OVERRIDE
diff --git a/units/systemd-logger.service.in b/units/systemd-logger.service.in
index 484df7a238..5f7fe40939 100644
--- a/units/systemd-logger.service.in
+++ b/units/systemd-logger.service.in
@@ -17,3 +17,4 @@ After=syslog.socket
ExecStart=@rootlibexecdir@/systemd-logger
NotifyAccess=all
StandardOutput=null
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SETUID CAP_SETGID