Add CAP_SETPCAP to CapabilityBoundingSet in irqbalance.service

A error message of 'libcap-ng used by "/usr/sbin/irqbalance" failed dropping bounding set due to not having CAP_SETPCAP in capng_apply' is noticed. Previously a similar issue[1] has been fixed by the following commit: efab272 Drop CapabilityBoundingSet from irqbalance service 43751df drop NoNewPrivs from irqbalance service in which, CapabilityBoundingSet and NoNewPrivs parameters are dropped from the irqbalance.service, and get restored by the following commit later: a99b604 Set additional systemd options for service So this patch will not do the dropping again, but add CAP_SETPCAP to CapabilityBoundingSet instead. [1]: #182 Signed-off-by: Tao Liu <ltao@redhat.com>
Irqbalance · Aug 20, 2024 · 196385b · 196385b
1 parent a350549
commit 196385b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/misc/irqbalance.service b/misc/irqbalance.service
@@ -9,7 +9,7 @@ ConditionCPUs=>1
 EnvironmentFile=-/usr/lib/irqbalance/defaults.env
 EnvironmentFile=-/path/to/irqbalance.env
 ExecStart=/usr/sbin/irqbalance $IRQBALANCE_ARGS
-CapabilityBoundingSet=
+CapabilityBoundingSet=CAP_SETPCAP
 NoNewPrivileges=yes
 ProtectSystem=strict
 ReadOnlyPaths=/