From 43716ab4e0d40bb004925e22a69ae0862781307b Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov
Date: Mon, 8 Oct 2018 14:55:47 +0300
Subject: [PATCH] add CapabilityBoundingSet=~CAP_SYS_ADMIN

---
 dhcpd.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dhcpd.service b/dhcpd.service
index 1ed184e..e832b02 100644
--- a/dhcpd.service
+++ b/dhcpd.service
@@ -13,6 +13,7 @@ ExecStart=/usr/sbin/dhcpd -pf /run/dhcpd/dhcpd.pid -cf $CONFIGFILE -lf $LEASEFIL
 PIDFile=/run/dhcpd/dhcpd.pid
 User=isc-dhcpd
 AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN
 ProtectSystem=full
 ProtectHome=true
 KillSignal=SIGINT
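Review bot: The added `CapabilityBoundingSet=~CAP_SYS_ADMIN` is a deny-list that drops a single capability, so every other capability stays in the bounding set and could still be gained through a setuid or file-capability binary executed by the service. The unit already runs as `User=isc-dhcpd` with only `CAP_NET_BIND_SERVICE` and `CAP_NET_RAW` ambient, so an allow-list matching that set would be tighter: `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW`, ideally paired with `NoNewPrivileges=true`. The [Service] section starts and continues outside this hunk, so confirm that no such directive is already present and that nothing started by ExecStart needs a capability beyond those two.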