summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-05-20 17:40:05 +0200
committerLennart Poettering <lennart@poettering.net>2015-05-20 17:40:05 +0200
commit01906c76c1a6eafc0dccf83b672ff1f3ed3e3338 (patch)
tree77ba806865211544ee85db53e0b3283dd115e39f
parentutil: introduce reset_uid_gid() for resetting all uids and gids to 0 (diff)
downloadsystemd-01906c76c1a6eafc0dccf83b672ff1f3ed3e3338.tar.xz
systemd-01906c76c1a6eafc0dccf83b672ff1f3ed3e3338.zip
units: conditionalize audit multicast socket on CAP_AUDIT_READ
The multicast logic can only work if the capability is available, hence require it.
-rw-r--r--units/systemd-journald-audit.socket1
1 files changed, 1 insertions, 0 deletions
diff --git a/units/systemd-journald-audit.socket b/units/systemd-journald-audit.socket
index 35397aaeb8..541f2cf38d 100644
--- a/units/systemd-journald-audit.socket
+++ b/units/systemd-journald-audit.socket
@@ -11,6 +11,7 @@ Documentation=man:systemd-journald.service(8) man:journald.conf(5)
DefaultDependencies=no
Before=sockets.target
ConditionSecurity=audit
+ConditionCapability=CAP_AUDIT_READ
[Socket]
Service=systemd-journald.service