Enable systemd hardening options for named

Tony Finch dot at dotat.at
Mon Jan 15 18:15:42 UTC 2018

Ludovic Gasc <gmludo at gmail.com> wrote:
> 1. The list of minimal capabilities needed for bind to run correctly:
> http://man7.org/linux/man-pages/man7/capabilities.7.html

named already drops capabilities - have a look at the code around here:

Note that it's a bit clever - the privileges are dropped in two stages,
right at the start, and after the server has been configured.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Southeast Iceland: Westerly 6 to gale 8, veering northwesterly 4 or 5 later,
occasionally severe gale 9 at first in south. Very rough in north, otherwise
high, occasionally very high in far south. Snow showers. Good occasionally
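
Added example, not part of the original message and not BIND's own code: one way to check the two-stage drop from the outside is to decode the capability masks in /proc/<pid>/status before and after the server has been configured and compare them. The function names and the two mask values are constructed for illustration, not captured from a running named.

```python
import re

# Capability bit numbers in order, from <linux/capability.h> (bit 0 = CAP_CHOWN).
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL
SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON
BPF CHECKPOINT_RESTORE""".split()

CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$", re.M)

def decode_mask(hex_mask):
    """Turn a hex capability mask into a set of CAP_* names."""
    value, bit, names = int(hex_mask, 16), 0, set()
    while value >> bit:
        if value >> bit & 1:
            names.add("CAP_" + CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_BIT_{bit}")
        bit += 1
    return names

def parse_status(text):
    """Extract the capability sets from the content of /proc/<pid>/status."""
    return {field: decode_mask(mask) for field, mask in CAP_LINE.findall(text)}

def dropped(before, after, field="CapPrm"):
    """Capabilities held in `before` that are no longer held in `after`."""
    return sorted(before[field] - after[field])

def bounding_set_line(status, field="CapPrm"):
    """Candidate systemd unit line built from an observed set; test before relying on it."""
    return "CapabilityBoundingSet=" + " ".join(sorted(status[field]))

# Constructed samples: STAGE1 stands for a snapshot after the first drop,
# STAGE2 for one after configuration. The masks are illustrative values.
STAGE1 = """Name:\tnamed
CapInh:\t0000000000000000
CapPrm:\t00000000010404c5
CapEff:\t00000000010404c5
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000000000
"""
STAGE2 = STAGE1.replace("010404c5", "01000400")

if __name__ == "__main__":
    s1, s2 = parse_status(STAGE1), parse_status(STAGE2)
    print("dropped in second stage:", " ".join(dropped(s1, s2)))
    print(bounding_set_line(s1))
```

On a live system, pass parse_status() the text of /proc/<pid>/status read at the two points instead of the constructed samples.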
