For non-root services, getting Capabilities= and CapabilityBoundingSet= to do anything useful is rather tricky. Would it make sense to add AmbientCapabilities= to set ambient (and, implicitly, inheritable) capabilities, which will be available in Linux 4.3?
Alternatively, there could be a boolean option to change the meaning of Capabilities so that it uses ambient capabilities instead of whatever it currently does. --Andy
_______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
