I have also tried:
InheritableCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE and various other options without avail. ---------- Forwarded message ---------- From: Mathew Heard <mat...@gmail.com> Date: Wed, Oct 12, 2016 at 9:01 PM Subject: CAP_NET_ADMIN To: nginx@nginx.org Hi All, I am stuck trying to get my nginx service which is launched via SystemD to give CAP_NET_ADMIN to its workers (required for IP_TRANSPARENT). I have tried /etc/security/capability.conf & setcap. SystemD has the permission whitelisted: CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN CAP_SYS_RESOURCE CAP_SETGID CAP_SETUID AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN CAP_SYS_RESOURCE CAP_SETGID CAP_SETUID Any advice? Regards, Mathew _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx