[systemd-devel] Add ambient capability support to execution environment config?

[Andy Lutomirski]

For non-root services, getting Capabilities= and CapabilityBoundingSet= to
do anything useful is rather tricky.  Would it make sense to add
AmbientCapabilities= to set ambient (and, implicitly, inheritable)
capabilities, which will be available in Linux 4.3?

Alternatively, there could be a boolean option to change the meaning of
Capabilities so that it uses ambient capabilities instead of whatever it
currently does.

--Andy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20151008/0d6a4983/attachment.html>