On 5/16/20 10:25 PM, bert hubert wrote:
> On Sat, May 16, 2020 at 08:42:21PM +0200, Michael Ströder via Pdns-users wrote:
>> But I wonder why CAP_CHOWN is set in CapabilityBoundingSet= and
>> AmbientCapabilities= and I could not find a reason in the git history of
>> that file.
>
> We chown the UNIX domain control socket to the 'setgid' and 'setuid'
> setting.
>
> This is likely why we need CAP_CHOWN.

It seems to create the control socket just fine because the User= and
Group= are set:

srwxr-xr-x 1 pdns pdns 0 May 16 22:39 /run/pdns-recursor/pdns_recursor.controlsocket=

Anything more I could test to ensure that it's safe to remove CAP_CHOWN?

Ciao, Michael.
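
Added example, not part of the original message or of the PowerDNS project: alongside the socket-ownership listing above, this checks whether a running process still holds CAP_CHOWN in any of its capability sets by decoding the Cap* lines of /proc/<pid>/status. The status excerpts and their masks are constructed sample values, not taken from a real recursor or from its unit file.

```python
import re
import sys

CAP_CHOWN_BIT = 0  # CAP_CHOWN is capability number 0 in linux/capability.h

# Constructed /proc/<pid>/status excerpts (not captured from a real recursor).
SAMPLE_WITH_CHOWN = """\
Name:\tpdns_recursor
CapInh:\t0000000000000401
CapPrm:\t0000000000000401
CapEff:\t0000000000000401
CapBnd:\t0000000000000401
CapAmb:\t0000000000000401
"""
SAMPLE_WITHOUT_CHOWN = SAMPLE_WITH_CHOWN.replace("0401", "0400")

CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$", re.M)


def cap_masks(status_text):
    """Return {set name: integer mask} for the capability sets in the text."""
    return {name: int(mask, 16) for name, mask in CAP_LINE.findall(status_text)}


def sets_with_cap_chown(status_text):
    """List the capability sets that still contain CAP_CHOWN."""
    masks = cap_masks(status_text)
    if len(masks) != 5:
        raise ValueError("status text lacks some Cap* lines")
    return sorted(n for n, m in masks.items() if m >> CAP_CHOWN_BIT & 1)


if __name__ == "__main__":
    # With a pid argument, inspect that process; otherwise use the samples.
    if len(sys.argv) > 1:
        with open(f"/proc/{sys.argv[1]}/status") as fh:
            print(sets_with_cap_chown(fh.read()) or "CAP_CHOWN not held")
    else:
        print(sets_with_cap_chown(SAMPLE_WITH_CHOWN))
        print(sets_with_cap_chown(SAMPLE_WITHOUT_CHOWN))
```

An empty result for the service's main pid after the unit change confirms the capability is really gone, so a correctly owned control socket at that point was created without it.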