Re: [Pdns-users] why CAP_CHOWN?

2020-05-18 Thread Remi Gacogne via Pdns-users
Hi Michael,
On 5/16/20 10:43 PM, Michael Ströder via Pdns-users wrote:
> On 5/16/20 10:25 PM, bert hubert wrote:
>> On Sat, May 16, 2020 at 08:42:21PM +0200, Michael Ströder via Pdns-users
>> wrote:
>>> But I wonder why CAP_CHOWN is set in CapabilityBoundingSet= and
>>> AmbientCapabilities= and

Re: [Pdns-users] why CAP_CHOWN?

2020-05-16 Thread Michael Ströder via Pdns-users
On 5/16/20 10:25 PM, bert hubert wrote:
> On Sat, May 16, 2020 at 08:42:21PM +0200, Michael Ströder via Pdns-users
> wrote:
>> But I wonder why CAP_CHOWN is set in CapabilityBoundingSet= and
>> AmbientCapabilities= and I could not find a reason in the git history of
>> that file.
>
> We chown

Re: [Pdns-users] why CAP_CHOWN?

2020-05-16 Thread bert hubert via Pdns-users
On Sat, May 16, 2020 at 08:42:21PM +0200, Michael Ströder via Pdns-users wrote:
> But I wonder why CAP_CHOWN is set in CapabilityBoundingSet= and
> AmbientCapabilities= and I could not find a reason in the git history of
> that file.
Hi Michael,
We chown the UNIX domain control socket to the

[Pdns-users] why CAP_CHOWN?

2020-05-16 Thread Michael Ströder via Pdns-users
Hi! I appreciate that pdns/recursordist/pdns-recursor.service.in already contains some of systemd's hardening options. But I wonder why CAP_CHOWN is set in CapabilityBoundingSet= and AmbientCapabilities= and I could not find a reason in the git history of that file. It seems to run without that