Closed nser77 closed 2 months ago
I'm so sorry, just one more thing:
If your version of systemd is v228 or older, edit this file to change
"AmbientCapabilities=" to "Capabilities=". If that still doesn't work,
use setcap(8) to set the capabilities listed below on the
executable file.
Hi all, I hope this PR will be helpful and appreciated.
I needed to run coredns with systemd and I noticed that we can try to sandbox it a bit more; I ran this step in my environment for a while with different plugins with no issues.

The new coredns systemd unit file is partially based on acassen/keepalived/blob/master/keepalived/keepalived-non-root.service.in with some additional restrictions and customizations.

Please let me know if you want me to detail this patch a bit more.