diff options
Diffstat (limited to 'dnsdist.service.in')
| -rw-r--r-- | dnsdist.service.in | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/dnsdist.service.in b/dnsdist.service.in index eb75e76..bd810fd 100644 --- a/dnsdist.service.in +++ b/dnsdist.service.in @@ -25,10 +25,10 @@ LimitNOFILE=16384 # LimitMEMLOCK=infinity # Sandboxing -# Note: adding CAP_SYS_ADMIN (or CAP_BPF for Linux >= 5.8) is required to use eBPF support, +# Note: adding CAP_SYS_ADMIN is required to use eBPF support, # and CAP_NET_RAW to be able to set the source interface to contact a backend # If an AppArmor policy is in use, it might have to be updated to allow dnsdist to keep the -# capability: adding a 'capability bpf,' (for CAP_BPF) line to the policy is usually enough. +# capability: adding a 'capability sys_admin,' line to the policy is usually enough. CapabilityBoundingSet=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE LockPersonality=true |