diff options
author | Lennart Poettering <lennart@poettering.net> | 2012-02-09 02:06:13 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2012-02-09 02:06:13 +0100 |
commit | ccd07a083e8040a5bb091c5036ab1b4493ff8363 (patch) | |
tree | e560933ad971fd2cd6190e410ebc6496c261c15f /units/systemd-journald.service.in | |
parent | cea6691857229790d65d5694db82d8ceb95d1a3d (diff) | |
download | systemd-ccd07a083e8040a5bb091c5036ab1b4493ff8363.tar.gz |
journal: limit caps we pass to journald
Diffstat (limited to 'units/systemd-journald.service.in')
-rw-r--r-- | units/systemd-journald.service.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in index 08858f38d7..c153d472c0 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in @@ -18,7 +18,7 @@ After=syslog.socket ExecStart=@rootlibexecdir@/systemd-journald NotifyAccess=all StandardOutput=null -#CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SETUID CAP_SETGID CAP_DAC_OVERRIDE +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER # Increase the default a bit in order to allow many simultaneous # services being run since we keep one fd open per service. |