On 05.09.2016 at 08:34, Jasper Wallace wrote:
> commenting out "NoNewPrivileges=true" in the 16.08 
> ejabberd.service makes it work.
> 
> Also is "CapabilityBoundingSet=CAP_DAC_OVERRIDE" needed?, afaict it 
> actually broadens ejabberd privileges rather than narrows them (it works 
> without it).

Please see https://github.com/processone/ejabberd/pull/1178 about that.

Could you try
"setcap CAP_DAC_OVERRIDE=+ep /usr/lib/erlang/p1_pam/bin/epam"
instead of using sgid shadow and report back?

Regards,
-- 
 .''`.   Philipp Huebner <[email protected]>
: :'  :  pgp fp: 6719 25C5 B8CD E74A 5225  3DF9 E5CA 8C49 25E4 205F
`. `'`
  `-
