From 75800a616ff997aee9b20f393f7a777ec2189d8f Mon Sep 17 00:00:00 2001
From: Y
Date: Mon, 5 Feb 2018 08:30:09 +0100
Subject: [PATCH] CAP_SYS_ADMIN needed for running commands in a container (nsenter)

---
 extra/systemd/pyruse.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extra/systemd/pyruse.service b/extra/systemd/pyruse.service
index 1ee57d7..1b99850 100644
--- a/extra/systemd/pyruse.service
+++ b/extra/systemd/pyruse.service
@@ -4,7 +4,7 @@ Description=Route systemd-journal logs to filters and actions (ban, report…)
 [Service]
 ExecStart=/usr/bin/pyruse
 WorkingDirectory=/etc/pyruse
-CapabilityBoundingSet=CAP_SYS_CHROOT
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
 NoNewPrivileges=true
 PrivateDevices=yes
 PrivateTmp=yes
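Review bot: Adding CAP_SYS_ADMIN to `CapabilityBoundingSet=` in the shipped unit gives every installation a capability that lets the service undo the mount-namespace sandboxing on the following lines (`PrivateDevices=yes`, `PrivateTmp=yes`). systemd.exec(5) recommends pairing those settings with `CapabilityBoundingSet=~CAP_SYS_ADMIN` or `SystemCallFilter=~@mount` for that reason. Only the nsenter-based actions need it, so the default could stay at `CapabilityBoundingSet=CAP_SYS_CHROOT`, with the wider set documented as a drop-in override for hosts that run commands in containers. If it stays in the default, put a comment above the line such as `# CAP_SYS_ADMIN: required only for nsenter actions; weakens PrivateTmp/PrivateDevices isolation, remove if unused`. The `[Service]` section may continue past the end of this hunk, so any further hardening directives are not visible here.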