From e20677cfd6c78caf65a7631adf38f8bc5eb8f1a4 Mon Sep 17 00:00:00 2001
From: Mechiel Lukkien
Date: Mon, 27 Feb 2023 14:04:20 +0100
Subject: [PATCH] add missing capability CAP_FSETID to mox.service

without it, process cannot create setgid directories.
---
 mox.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mox.service b/mox.service
index 5cd50ba..10b5f24 100644
--- a/mox.service
+++ b/mox.service
@@ -22,7 +22,7 @@ ReadWritePaths=/home/mox/config /home/mox/data
 ProtectKernelTunables=yes
 ProtectControlGroups=yes
 AmbientCapabilities=
-CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_CHOWN
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_CHOWN CAP_FSETID
 NoNewPrivileges=yes
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
 ProtectProc=invisible
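Review bot: The widened `CapabilityBoundingSet=` line has no comment in the unit file explaining why CAP_FSETID is needed, so the reason exists only in the commit message. A later hardening pass could remove the capability again, or leave it in place after the need has gone. A comment line directly above the setting would keep the justification with the config, for example `# CAP_FSETID is needed to create setgid directories.` CAP_FSETID also stops set-user-ID and set-group-ID bits from being cleared when a file is modified, so it is worth confirming that the service gives it up together with CAP_SETUID and CAP_SETGID once it has dropped privileges; that code is not visible here. Running `systemd-analyze security mox.service` before and after the change shows the effect on the unit's exposure.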