SYSTEMD: remove unused CAP_KILL

There are some known issues like SSSD#5536 but those have to be solved differently. Having 'CAP_KILL' in sssd.service doesn't help anyway (and currently isn't used anyhow).
alexey-tikhonov · Feb 12, 2024 · dee28a1 · dee28a1
1 parent 6fe71a8
commit dee28a1
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in
@@ -17,7 +17,7 @@ PIDFile=@pidpath@/sssd.pid
 # Currently main SSSD process ('sssd') always runs under 'root'
 # ('User=' and 'Group=' defaults to 'root' for system services)
 # 'CapabilityBoundingSet' is used to limit privileges set:
-CapabilityBoundingSet= @additional_caps@ CAP_CHOWN CAP_KILL CAP_SETGID CAP_SETUID
+CapabilityBoundingSet= @additional_caps@ CAP_CHOWN CAP_SETGID CAP_SETUID
 Restart=on-abnormal
 @supplementary_groups@