unbound.service.in: allow CAP_NET_ADMIN

Allowing CAP_NET_ADMIN is necessary for SO_SNDBUFFORCE and SO_RCVBUFFORCE calls.
2025-12-20 23:00:56 -05:00 · 2025-09-23 13:00:50 +02:00 · 2025-09-23 13:00:50 +02:00 · fa6340cfa5
commit fa6340cfa5
parent e471e15774
1 changed files with 1 additions and 1 deletions
--- a/contrib/unbound.service.in
+++ b/contrib/unbound.service.in
@ -59,7 +59,7 @@ ExecReload=+/bin/kill -HUP $MAINPID
 ExecStart=@UNBOUND_SBIN_DIR@/unbound -d -p
 NotifyAccess=main
 Type=notify
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_RAW
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_RAW CAP_NET_ADMIN
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
 PrivateDevices=true