From f0f3f3f1cee23b9e42fc7fac76266cc4a5b7fc31 Mon Sep 17 00:00:00 2001 From: dormando Date: Sun, 18 Dec 2016 17:38:17 -0800 Subject: widen systemd caps to allow maxconns to increase the parent process is the only one using that capability, once privileges are dropped it's gone anyway. This prevents raising the connection limit from breaking. --- scripts/memcached.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/memcached.service b/scripts/memcached.service index a96445b..854b7f3 100644 --- a/scripts/memcached.service +++ b/scripts/memcached.service @@ -34,7 +34,7 @@ NoNewPrivileges=true PrivateDevices=true # Required for dropping privileges and running as a different user -CapabilityBoundingSet=CAP_SETGID CAP_SETUID +CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE # Attempts to create memory mappings that are writable and executable at the same time, # or to change existing memory mappings to become executable are prohibited. -- cgit v1.2.1