]> granicus.if.org Git - pdns/commitdiff
projects / pdns / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9cc93ad)
Drop unneeded capabilities
authorRuben Kerkhof <ruben@rubenkerkhof.com>
Wed, 4 Feb 2015 10:04:43 +0000 (11:04 +0100)
committerRuben Kerkhof <ruben@rubenkerkhof.com>
Tue, 10 Feb 2015 08:44:47 +0000 (09:44 +0100)
The recursor only needs CAP_NET_BIND_SERVICE
to bind to port 53

contrib/systemd-pdns-recursor.service patch | blob | history

diff --git a/contrib/systemd-pdns-recursor.service b/contrib/systemd-pdns-recursor.service
index e117604ad468fb97165dfba46b3f91dc5690f113..987dd05434644d2ad046d0cce9e9c9290b01fe12 100644 (file)
--- a/contrib/systemd-pdns-recursor.service
+++ b/contrib/systemd-pdns-recursor.service
@@ -9,6 +9,7 @@ Type=forking
 ExecStart=/usr/sbin/pdns_recursor --daemon
 PrivateTmp=true
 PrivateDevices=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 
 [Install]
 WantedBy=multi-user.target
Unnamed repository; edit this file 'description' to name the repository.