Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add kill capability to systemd service file #85

Merged
merged 1 commit into from Sep 23, 2019
Merged

Add kill capability to systemd service file #85

merged 1 commit into from Sep 23, 2019

Conversation

sam-lunt
Copy link
Contributor

As mentioned in this issue, the ExecReload command calls kills on a process owned by the unbound user (or whatever user is configured). To do so, it needs the CAP_KILL capability. I think adding this capability to the systemd unit makes sense, since it's using kill right there in the unit file. Additionally, since the process does not run as root, the extra capability will be dropped by the main process after start up

@sam-lunt
Add kill capability to systemd service file
6943cab 
The ExecReload command calls kills on a process owned by the unbound user (or whatever user is configured). To do so, it needs the CAP_KILL capability.
@wcawijngaards wcawijngaards merged commit 3df64cc into NLnetLabs:master Sep 23, 2019
wcawijngaards added a commit that referenced this pull request Sep 23, 2019
@wcawijngaards
Changelog entry for fix #84 and #85.
06a91b0 
- Merge #85 for #84 from sam-lunt: Add kill capability to systemd
  service file to fix that systemctl reload fails.
@wcawijngaards
Copy link
Member

Thanks! Noticed that Maryse47 likes it and that was the contributor for the previous service file changes. So it looks good, merged.

@wcawijngaards wcawijngaards mentioned this pull request Sep 23, 2019
Closed
@sam-lunt sam-lunt deleted the add-cap-kill branch September 28, 2019 14:39
jedisct1 added a commit to jedisct1/unbound that referenced this pull request Oct 1, 2019
@jedisct1
Merge remote-tracking branch 'nlnet/master'
7412016 
* nlnet/master:
  Changelog note for NLnetLabs#87. - Merge NLnetLabs#87 from hardfalcon: Fix contrib/unbound.service.in,   Drop CAP_KILL, use + prefix for ExecReload= instead.
  Drop CAP_KILL, use + prefix for ExecReload= instead
  - The unbound.conf includes are sorted ascending, for include   statements with a '*' from glob.
  Changelog entry for fix NLnetLabs#84 and NLnetLabs#85. - Merge NLnetLabs#85 for NLnetLabs#84 from sam-lunt: Add kill capability to systemd   service file to fix that systemctl reload fails.
  Add kill capability to systemd service file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@sam-lunt @wcawijngaards