nixos/unbound: note about the AmbientCapabilities

2020-11-01 22:11:11 +01:00
parent 5e602f88d1
commit 72fbf05c17
1 changed files with 1 additions and 0 deletions
--- a/nixos/modules/services/networking/unbound.nix
+++ b/nixos/modules/services/networking/unbound.nix
@@ -137,6 +137,7 @@ in
        NotifyAccess = "main";
        Type = "notify";

+        # FIXME: Which of these do we actualy need, can we drop the chroot flag?
        AmbientCapabilities = [
          "CAP_NET_BIND_SERVICE"
          "CAP_NET_RAW"