summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2019-08-12 18:05:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2019-08-12 18:05:16 +0000
commit89f91dc89574af884b712f3c15830b1e554f8002 (patch)
treeafcc2691f0ec941a6914473ae0efdbbb026b9324
parentRenumbering patches. (diff)
downloadnetdata-89f91dc89574af884b712f3c15830b1e554f8002.tar.xz
netdata-89f91dc89574af884b712f3c15830b1e554f8002.zip
Also adding CAP_AUDIT_WRITE for netdata to allow plugins make use of PAM audit (Closes: #921409).
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/netdata-core.netdata.service2
1 files changed, 1 insertions, 1 deletions
diff --git a/debian/netdata-core.netdata.service b/debian/netdata-core.netdata.service
index e8d5df1d4..e5e124279 100644
--- a/debian/netdata-core.netdata.service
+++ b/debian/netdata-core.netdata.service
@@ -31,7 +31,7 @@ NoNewPrivileges=false
PermissionsStartOnly=true
# CAP_SETGID is required for setgroups()
# CAP_NET_RAW is needed by fping, see #864370
-CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID CAP_NET_RAW
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID CAP_NET_RAW CAP_AUDIT_WRITE
PrivateTmp=true
ProtectHome=read-only
ProtectSystem=full