On 2018-04-05 02:34, B. Reino wrote: > This way the fix survives any updates and you don't have to mess with > package-provided files.
You'd also have to add the following: CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_KILL CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_AUDIT_WRITE It won't work without CAP_AUDIT_WRITE, even, if NoNewPrivileges is set to false, at least not on my server. But as I've mentioned this _could_ be counterproductive if in the future the systemd file that comes with dovecot is changed and you forget to delete /etc/systemd/system/dovecot.service.d/NoNewPrivileges.conf again. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */
signature.asc
Description: OpenPGP digital signature
