SYSTEMD: remove unused CAP_KILL

There are some known issues like #5536 but those have to be solved differently. Having 'CAP_KILL' in sssd.service doesn't help anyway (and currently isn't used anyhow). Reviewed-by: Justin Stephenson <[email protected]> Reviewed-by: Pavel Březina <[email protected]> Reviewed-by: Sumit Bose <[email protected]>
SSSD · Mar 18, 2024 · 5bd5202 · 5bd5202
1 parent 0d686b5
commit 5bd5202
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in
@@ -17,7 +17,7 @@ PIDFile=@pidpath@/sssd.pid
 # Currently main SSSD process ('sssd') always runs under 'root'
 # ('User=' and 'Group=' defaults to 'root' for system services)
 # 'CapabilityBoundingSet' is used to limit privileges set:
-CapabilityBoundingSet= @additional_caps@ CAP_CHOWN CAP_KILL CAP_SETGID CAP_SETUID
+CapabilityBoundingSet= @additional_caps@ CAP_CHOWN CAP_SETGID CAP_SETUID
 Restart=on-abnormal
 @supplementary_groups@