diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2019-08-12 18:05:10 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2019-08-12 18:05:16 +0000 |
commit | 89f91dc89574af884b712f3c15830b1e554f8002 (patch) | |
tree | afcc2691f0ec941a6914473ae0efdbbb026b9324 | |
parent | Renumbering patches. (diff) | |
download | netdata-89f91dc89574af884b712f3c15830b1e554f8002.tar.xz netdata-89f91dc89574af884b712f3c15830b1e554f8002.zip |
Also adding CAP_AUDIT_WRITE for netdata to allow plugins make use of PAM audit (Closes: #921409).
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r-- | debian/netdata-core.netdata.service | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/debian/netdata-core.netdata.service b/debian/netdata-core.netdata.service index e8d5df1d4..e5e124279 100644 --- a/debian/netdata-core.netdata.service +++ b/debian/netdata-core.netdata.service @@ -31,7 +31,7 @@ NoNewPrivileges=false PermissionsStartOnly=true # CAP_SETGID is required for setgroups() # CAP_NET_RAW is needed by fping, see #864370 -CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID CAP_NET_RAW +CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID CAP_NET_RAW CAP_AUDIT_WRITE PrivateTmp=true ProtectHome=read-only ProtectSystem=full |