From 89f91dc89574af884b712f3c15830b1e554f8002 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Mon, 12 Aug 2019 20:05:10 +0200
Subject: Also adding CAP_AUDIT_WRITE for netdata to allow plugins make use of
 PAM audit (Closes: #921409).

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/netdata-core.netdata.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/netdata-core.netdata.service b/debian/netdata-core.netdata.service
index e8d5df1d4..e5e124279 100644
--- a/debian/netdata-core.netdata.service
+++ b/debian/netdata-core.netdata.service
@@ -31,7 +31,7 @@ NoNewPrivileges=false
 PermissionsStartOnly=true
 # CAP_SETGID is required for setgroups()
 # CAP_NET_RAW is needed by fping, see #864370
-CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID CAP_NET_RAW
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID CAP_NET_RAW CAP_AUDIT_WRITE
 PrivateTmp=true
 ProtectHome=read-only
 ProtectSystem=full
-- 
cgit v1.2.3