Oops, the comments were not meant to be in French: > # CAP_KILL : Nginx signals its child processes that have a different UID > # CAP_SETUID CAP_SETGID : Nginx drops privileges > # CAP_NET_BIND_SERVICE : Nginx clearly listens to ports <1024 > # CAP_SYSLOG : Nginx sends logs to syslog > CapabilityBoundingSet=CAP_KILL CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE > CAP_SYSLOG
signature.asc
Description: PGP signature
