From 6b37a90b403ef8fdaf2def8e4c96b8cdf3857881 Mon Sep 17 00:00:00 2001
From: Ruben Kerkhof
Date: Wed, 4 Feb 2015 11:04:43 +0100
Subject: [PATCH] Drop unneeded capabilities

The recursor only needs CAP_NET_BIND_SERVICE to bind to port 53
---
 contrib/systemd-pdns-recursor.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/contrib/systemd-pdns-recursor.service b/contrib/systemd-pdns-recursor.service
index e117604ad..987dd0543 100644
--- a/contrib/systemd-pdns-recursor.service
+++ b/contrib/systemd-pdns-recursor.service
@@ -9,6 +9,7 @@ Type=forking
 ExecStart=/usr/sbin/pdns_recursor --daemon
 PrivateTmp=true
 PrivateDevices=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 
 [Install]
 WantedBy=multi-user.target
-- 
2.40.0
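Review bot: The bounding set on the added `CapabilityBoundingSet=` line leaves out the capabilities the daemon needs if it drops privileges itself. The hunk shows no `User=`/`Group=`, so the process presumably starts as root; if recursor.conf uses the `setuid`/`setgid` or `chroot` settings, those calls need CAP_SETUID, CAP_SETGID and CAP_SYS_CHROOT and would fail at startup under this unit. Either widen the line to `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT`, or have systemd run the service unprivileged via `User=`/`Group=` and document that the in-daemon privilege drop must then stay unset. The [Service] section begins above the hunk, so directives before line 9 are not visible here and should be checked before choosing.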