HI! I appreciate that pdns/recursordist/pdns-recursor.service.in already contains some of systemd's hardening options.
But I wonder why CAP_CHOWN is set in CapabilityBoundingSet= and AmbientCapabilities= and I could not find a reason in the git history of that file. It seems to run without that capability. Ciao, Michael. _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
