Only drop the capabilities from the bounding set if we are running as PID1 (#6204)
The CapabilityBoundingSet option only makes sense if we are running as PID1. The system.conf.d(5) manpage already states that the CapabilityBoundingSet option: "Controls which capabilities to include in the capability bounding set for PID 1 and its children."

https://github.com/systemd/systemd/issues/6080