summaryrefslogtreecommitdiffstats
path: root/dnsdist.service.in
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-26 06:28:35 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-26 06:28:35 +0000
commit037d21f508ef664d9592182d7b9b8d6989c28098 (patch)
treed6e5a84872adb93665f8a7e8831b70981c1c2351 /dnsdist.service.in
parentAdding upstream version 1.9.4. (diff)
downloaddnsdist-037d21f508ef664d9592182d7b9b8d6989c28098.tar.xz
dnsdist-037d21f508ef664d9592182d7b9b8d6989c28098.zip
Adding upstream version 1.9.5.upstream/1.9.5
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dnsdist.service.in')
-rw-r--r--dnsdist.service.in4
1 files changed, 2 insertions, 2 deletions
diff --git a/dnsdist.service.in b/dnsdist.service.in
index eb75e76..bd810fd 100644
--- a/dnsdist.service.in
+++ b/dnsdist.service.in
@@ -25,10 +25,10 @@ LimitNOFILE=16384
# LimitMEMLOCK=infinity
# Sandboxing
-# Note: adding CAP_SYS_ADMIN (or CAP_BPF for Linux >= 5.8) is required to use eBPF support,
+# Note: adding CAP_SYS_ADMIN is required to use eBPF support,
# and CAP_NET_RAW to be able to set the source interface to contact a backend
# If an AppArmor policy is in use, it might have to be updated to allow dnsdist to keep the
-# capability: adding a 'capability bpf,' (for CAP_BPF) line to the policy is usually enough.
+# capability: adding a 'capability sys_admin,' line to the policy is usually enough.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
LockPersonality=true
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-24 04:45:14 +0000