From 1c1803e1038cf0d2f4dc843dd48f2ec4c16c2e51 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 20 May 2015 17:40:05 +0200
Subject: [PATCH] units: conditionalize audit multicast socket on
CAP_AUDIT_READ
The multicast logic can only work if the capability is available, hence
require it.
(cherry picked from commit 01906c76c1a6eafc0dccf83b672ff1f3ed3e3338)
---
units/systemd-journald-audit.socket | 1 +
1 file changed, 1 insertion(+)
diff --git a/units/systemd-journald-audit.socket b/units/systemd-journald-audit.socket
index 35397aaeb8..541f2cf38d 100644
--- a/units/systemd-journald-audit.socket
+++ b/units/systemd-journald-audit.socket
@@ -11,6 +11,7 @@ Documentation=man:systemd-journald.service(8) man:journald.conf(5)
DefaultDependencies=no
Before=sockets.target
ConditionSecurity=audit
+ConditionCapability=CAP_AUDIT_READ
[Socket]
Service=systemd-journald.service