authorTom Gundersen <teg@jklm.no>2014-06-01 22:01:20 +0100
committerTom Gundersen <teg@jklm.no>2014-06-03 10:40:28 +0200
commit682265d5e2157882861b0091c6b81fa92699b72a (patch)
treedde1a99c7c4df2c673f4dabe02b7b6ba8409aede /units/systemd-resolved.service.in
parent0bbea466dcafc0ff51811a3bc451e983c02e63bf (diff)
resolved: run as unpriviliged "systemd-resolve" user
This service is not yet network facing, but let's prepare nonetheless. Currently all caps are dropped, but some may need to be kept in the future.
Diffstat (limited to 'units/systemd-resolved.service.in')
-rw-r--r--units/systemd-resolved.service.in2
1 files changed, 1 insertions, 1 deletions
diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
index f4bbb7c160..9d422ca7f2 100644
--- a/units/systemd-resolved.service.in
+++ b/units/systemd-resolved.service.in
@@ -15,7 +15,7 @@ Type=notify
Restart=always
RestartSec=0
ExecStart=@rootlibexecdir@/systemd-resolved
-CapabilityBoundingSet=
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER
[Install]
WantedBy=multi-user.target
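Review bot: The new `CapabilityBoundingSet=` line widens the bounding set from empty to six capabilities, including the broad CAP_DAC_OVERRIDE, CAP_FOWNER and CAP_SETPCAP, and nothing in the unit documents why each one is needed. The commit message says all caps are currently dropped, which presumably happens inside the daemon after it switches to the `systemd-resolve` user; that code is not part of this file-limited diff, so it is worth confirming that the daemon exits rather than continuing if the switch or the drop fails. I would add a comment line above the setting, for example `# Needed only at startup: resolved switches to the systemd-resolve user and then drops all capabilities`, so a later reader does not take the list for the service's steady-state privileges. The [Service] section begins above the hunk, so any other hardening directives it carries are not visible here.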