Home Esplora Aiuto
Accedi
Apq
/
389-ds-base
mirror da https://github.com/389ds/389-ds-base.git
1
0
Forka 0
File Problemi 0 Wiki
Sfoglia il codice sorgente

Issue 6181 - RFE - Allow system to manage uid/gid at startup

Description:
Expand CapabilityBoundingSet to include CAP_FOWNER

Relates: https://github.com/389ds/389-ds-base/issues/6181
Relates: https://github.com/389ds/389-ds-base/issues/6906

Reviewed by: @progier389 (Thanks!)
Viktor Ashirov 8 mesi fa
parent
e15a5e5a1e
commit
50e2e36f2b
1 ha cambiato i file con 1 aggiunte e 1 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 1 1
      wrappers/systemd.template.service.in

+ 1 - 1
wrappers/systemd.template.service.in
Vedi File 

@@ -29,7 +29,7 @@ MemoryAccounting=yes
 
 
 # Allow non-root instances to bind to low ports.
 
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID CAP_DAC_OVERRIDE CAP_CHOWN
 
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER
 
 
 PrivateTmp=on
 
 # https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort