diff options
author | Lennart Poettering <lennart@poettering.net> | 2012-02-10 15:45:26 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-02-10 15:46:24 +0100 |
commit | cabca20b1abe646cd57655effbc3a0516b78797f (patch) | |
tree | bc712295f3a5735b10b28f70c056c26e480474c0 | |
parent | 5c72face73e89610a5b926c42fc8e0223bf546a2 (diff) |
journal: add CAP_SETUID and CAP_SETGID to capabilities for journald, so that we can fake SCM_CREDENTIALS
-rw-r--r-- | units/systemd-journald.service.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in index c153d472c0..92606b0d88 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in @@ -18,7 +18,7 @@ After=syslog.socket ExecStart=@rootlibexecdir@/systemd-journald NotifyAccess=all StandardOutput=null -CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID # Increase the default a bit in order to allow many simultaneous # services being run since we keep one fd open per service. |