We are thinking that we remove both this and CapabilityBoundingSet in next release, so feel free to remove them from the unit file.
---Aki TuomiDovecot oy -------- Original message --------From: "Helmut K. C. Tessarek" <tessarek@evermeet.cx> Date: 04/04/2018 09:44 (GMT+02:00) To: dovecot@dovecot.org Subject: Re: issue with sieve forwarding after upgrade to 0.5.1 On 2018-04-04 01:54, B. Reino wrote:
The new systemd service file has NoNewPrivileges set to true. You need to override that to false and then it should work again.
It seems that the NoNewPrivileges option messes with several things. PAM authentication stopped working as well besides the fact that CAP_AUDIT_WRITE is also missing in CapabilityBoundingSet.
I've opened a pull request https://github.com/dovecot/core/pull/71 Although I removed NoNewPrivileges altogether, since I didn't know what to write in the comment.
The only thing I could think of was something along the lines:
# If you want most things to stop working, set this to true
I thought this would be rather counterproductive, thus I removed it.
Maybe somebody else could enlighten me who came up with this default setting and why it was set to true in the first place.
Cheers, K. C.
-- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944
/* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */