From 9534ce54858c67363b841cdbdc315140437bfdb4 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 20 Apr 2011 03:34:58 +0200
Subject: units: set capability bounding set for syslog services

---
 units/systemd-kmsg-syslogd.service.in | 1 +
 units/systemd-logger.service.in       | 1 +
 2 files changed, 2 insertions(+)

(limited to 'units')

diff --git a/units/systemd-kmsg-syslogd.service.in b/units/systemd-kmsg-syslogd.service.in
index aea7583734..b20889e5e5 100644
--- a/units/systemd-kmsg-syslogd.service.in
+++ b/units/systemd-kmsg-syslogd.service.in
@@ -16,3 +16,4 @@ ExecStart=@rootlibexecdir@/systemd-kmsg-syslogd
 NotifyAccess=all
 StandardOutput=null
 Sockets=syslog.socket
+CapabilityBoundingSet=CAP_DAC_OVERRIDE
diff --git a/units/systemd-logger.service.in b/units/systemd-logger.service.in
index 484df7a238..5f7fe40939 100644
--- a/units/systemd-logger.service.in
+++ b/units/systemd-logger.service.in
@@ -17,3 +17,4 @@ After=syslog.socket
 ExecStart=@rootlibexecdir@/systemd-logger
 NotifyAccess=all
 StandardOutput=null
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SETUID CAP_SETGID
-- 
cgit v1.2.3-54-g00ecf