Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
multiple CapabilityBoundingSet= not merged? #1221
I'm trying to confine collectd a bit.
systemd.exec(5) says, for CapabilityBoundingSet=:
When I specify the following:
collectd drops all caps, whereas I would expect it to retain both CAP_NET_RAW en CAP_NET_ADMIN.
This however works: CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN:
Am I understanding the documentation wrong, is the documentation wrong or is the code wrong ;) ?
Running systemd 2.26