Need CAP_SYS_CHROOT in /lib/systemd/system/pdns-recursor.service for chroot option in config
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
pdns-recursor (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
Hi maintainers,
as it is possible to chroot the pdns-recursor it would be nice to have CAP_SYS_CHROOT added per default to the CapabilityBound
Thank you!
Greetings,
Lars
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: pdns-recursor 4.0.0~alpha2-
ProcVersionSign
Uname: Linux 4.4.0-64-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
Date: Thu Mar 2 12:44:40 2017
SourcePackage: pdns-recursor
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
mtime.conffile.
# systemctl cat pdns-recursor.service
# /lib/systemd/system/pdns-recursor.service
[Unit]
Description=PowerDNS Recursor
Documentation=man:pdns_recursor(1) man:rec_control(1)
Wants=network-online.target
After=network-online.target
[Service]
Type=forking
ExecStart=/usr/sbin/pdns_recursor --daemon
Restart=on-failure
StartLimitInterval=0
PrivateTmp=true
PrivateDevices=true
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
NoNewPrivileges=true
ProtectSystem=full
ProtectHome=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
LimitNOFILE=4200
[Install]
WantedBy=multi-user.target
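
An added example, not part of the bug report or the package: a Python check that a unit's CapabilityBoundingSet= lines still permit CAP_SYS_CHROOT when the recursor config sets chroot, following the merge rules described in systemd.exec(5). The unit text, config text, chroot path and function names are constructed for illustration.

```python
"""Check that a unit's CapabilityBoundingSet permits chroot() when the config asks for it."""

def bounding_set_allows(unit_text, cap):
    """Apply each CapabilityBoundingSet= line of [Service] in order (systemd.exec(5) rules)."""
    unset, base_all, caps = True, True, set()    # no assignment yet: nothing is dropped
    section = None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section != "Service" or not sep or key.strip() != "CapabilityBoundingSet":
            continue
        value = value.strip()
        invert = value.startswith("~")           # "~" means "all but the listed ones"
        listed = set(value.lstrip("~").split())
        if unset or not listed:                  # first assignment, "" or "~": replace
            base_all, caps, unset = invert, listed, False
        elif invert == base_all:                 # same polarity: the stored list grows
            caps |= listed
        else:                                    # opposite polarity: the stored list shrinks
            caps -= listed
    # base_all: caps holds the dropped capabilities; otherwise caps holds the kept ones
    return cap not in caps if base_all else cap in caps

def chroot_dir(conf_text):
    """Return the last non-empty chroot= value from key=value config text, else None."""
    found = None
    for raw in conf_text.splitlines():
        key, sep, value = raw.split("#", 1)[0].strip().partition("=")
        if sep and key.strip() == "chroot":
            found = value.strip() or None
    return found

def chroot_will_work(unit_text, conf_text):
    """False only when chroot is configured but the bounding set drops CAP_SYS_CHROOT."""
    return chroot_dir(conf_text) is None or bounding_set_allows(unit_text, "CAP_SYS_CHROOT")

# Constructed samples: a unit without the capability, one with it, and a config using chroot.
UNIT_WITHOUT = "[Service]\nCapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID\n"
UNIT_WITH = UNIT_WITHOUT + "CapabilityBoundingSet=CAP_SYS_CHROOT\n"   # a second line is ORed in
CONF = "# constructed sample config\nchroot=/var/chroot/pdns\n"

if __name__ == "__main__":
    for name, unit in (("without", UNIT_WITHOUT), ("with", UNIT_WITH)):
        print(name, "CAP_SYS_CHROOT ->", "ok" if chroot_will_work(unit, CONF) else "chroot will fail")
```
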