doc XDP: update the list of required capabilities

We're the same as knotd in this; it evolved a bit with libknot and kernel versions. Taken from: https://www.knot-dns.cz/docs/3.2/singlehtml/#mode-xdp-pre-requisites
author: Vladimír Čunát <vladimir.cunat@nic.cz> 2022-10-27 17:31:07 +0200
committer: Vladimír Čunát <vladimir.cunat@nic.cz> 2022-10-27 17:31:07 +0200
commit: 818efcae100da92d939ef1095f04fe378370d159 (patch)
tree: 5933aa3c1d8dd0e15ea872137705f8221c635342 /daemon/bindings
parent: Merge !1355: daemon/network: fix heap-buffer-overflow in endpoint key generation (diff)
download: knot-resolver-818efcae100da92d939ef1095f04fe378370d159.tar.xz
knot-resolver-818efcae100da92d939ef1095f04fe378370d159.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/daemon/bindings/net_xdpsrv.rst b/daemon/bindings/net_xdpsrv.rst
index 1abc9d36..e3014fec 100644
--- a/daemon/bindings/net_xdpsrv.rst
+++ b/daemon/bindings/net_xdpsrv.rst
@@ -57,8 +57,10 @@ And insert these lines:
 .. code-block:: ini
 
 	[Service]
-	CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE
-	AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE
+        CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE
+        AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE
+
+The ``CAP_SYS_RESOURCE`` is only needed on Linux < 5.11.
 
 .. TODO suggest some way for ethtool -L?  Perhaps via systemd units?
author	Vladimír Čunát <vladimir.cunat@nic.cz>	2022-10-27 17:31:07 +0200
committer	Vladimír Čunát <vladimir.cunat@nic.cz>	2022-10-27 17:31:07 +0200
commit	818efcae100da92d939ef1095f04fe378370d159 (patch)
tree	5933aa3c1d8dd0e15ea872137705f8221c635342 /daemon/bindings
parent	Merge !1355: daemon/network: fix heap-buffer-overflow in endpoint key generation (diff)
download	knot-resolver-818efcae100da92d939ef1095f04fe378370d159.tar.xz knot-resolver-818efcae100da92d939ef1095f04fe378370d159.zip