upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-15 03:02:54 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #87 from hardfalcon/patch-1

Browse source 
Drop CAP_KILL, use + prefix for ExecReload= instead
This commit is contained in:
Wouter Wijngaards 2019-09-26 13:17:24 +02:00 committed by GitHub
commit 710851e69a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
contrib/unbound.service.in
View file

@ -9,11 +9,11 @@ Wants=nss-lookup.target
WantedBy=multi-user.target
[Service]
ExecReload=/bin/kill -HUP $MAINPID
ExecReload=+/bin/kill -HUP $MAINPID
ExecStart=@UNBOUND_SBIN_DIR@/unbound -d
NotifyAccess=main
Type=notify
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_RAW CAP_KILL
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_RAW
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true