From 0242cdc0972cd3c93c15a2994a67b3d00164b98a Mon Sep 17 00:00:00 2001
From: YEVHENII SHCHERBINA <yevhenii@coder.com>
Date: Tue, 25 Nov 2025 13:47:06 +0000
Subject: [PATCH] add sys-admin for boundary-run

---
 scripts/boundary-wrapper.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/boundary-wrapper.sh b/scripts/boundary-wrapper.sh
index 22fc9ac..77296bf 100644
--- a/scripts/boundary-wrapper.sh
+++ b/scripts/boundary-wrapper.sh
@@ -24,7 +24,7 @@ exec sudo -E env PATH="$PATH" setpriv \
     --reuid="$(id -u)" \
     --regid="$(id -g)" \
     --clear-groups \
-    --inh-caps=+net_admin \
-    --ambient-caps=+net_admin \
+    --inh-caps=+net_admin,+sys_admin \
+    --ambient-caps=+net_admin,+sys_admin \
     "$BOUNDARY_BIN" "$@"