logind: run with CAP_SYS_ADMIN

DRM Master access requires CAP_SYS_ADMIN, yay! Add it to the capability bounding set for systemd-logind. As CAP_SYS_ADMIN actually allows a huge set of actions, this mostly renders the restriction-set useless. Anyway, patches are already pending to reduce the restriction on the kernel side. But these won't really make it into any stable-release so for now we're stuck with CAP_SYS_ADMIN.
author: David Herrmann <dh.herrmann@gmail.com> 2013-10-01 17:59:44 +0200
committer: David Herrmann <dh.herrmann@gmail.com> 2013-10-01 17:59:44 +0200
commit: 11c2f7a81381127c253cc6fd05da6dad0d842336 (patch)
tree: d3c83bfb3a137739dc1ee625d27b9630492ddbd9
parent: dfd552707d43087a1e0079cdae9f5290e14b78e9 (diff)
download: systemd-11c2f7a81381127c253cc6fd05da6dad0d842336.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index 6b687171ca..31b5cd011f 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -18,7 +18,7 @@ ExecStart=@rootlibexecdir@/systemd-logind
 Restart=always
 RestartSec=0
 BusName=org.freedesktop.login1
-CapabilityBoundingSet=CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
 
 # Increase the default a bit in order to allow many simultaneous
 # logins since we keep one fd open per session.
author	David Herrmann <dh.herrmann@gmail.com>	2013-10-01 17:59:44 +0200
committer	David Herrmann <dh.herrmann@gmail.com>	2013-10-01 17:59:44 +0200
commit	11c2f7a81381127c253cc6fd05da6dad0d842336 (patch)
tree	d3c83bfb3a137739dc1ee625d27b9630492ddbd9
parent	dfd552707d43087a1e0079cdae9f5290e14b78e9 (diff)
download	systemd-11c2f7a81381127c253cc6fd05da6dad0d842336.tar.gz