From: Roman Hochuli Date: Fri, 22 Apr 2016 09:21:40 +0000 (+0200) Subject: fixing #3749 X-Git-Tag: rec-4.0.0-alpha3~50^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=970f340de5c002f0fad106fa8503a29bcda9bfae;p=pdns fixing #3749 --- diff --git a/contrib/systemd-pdns.service b/contrib/systemd-pdns.service index 3d54e3220..422ab898d 100644 --- a/contrib/systemd-pdns.service +++ b/contrib/systemd-pdns.service @@ -11,7 +11,7 @@ Restart=on-failure StartLimitInterval=0 PrivateTmp=true PrivateDevices=true -CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT NoNewPrivileges=true # ProtectSystem=full will disallow write access to /etc and /usr, possibly # not being able to write slaved-zones into sqlite3 or zonefiles.