From 3834f651660054b80b39d08540af8b78f522e41f Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Tue, 30 Jan 2024 21:36:17 +0100 Subject: [PATCH] SYSTEMD: remove unused CAP_KILL There are some known issues like #5536 but those have to be solved differently. Having 'CAP_KILL' in sssd.service doesn't help anyway (and currently isn't used anyhow). --- src/sysv/systemd/sssd.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in index b988d43b6d9..5c9942ed200 100644 --- a/src/sysv/systemd/sssd.service.in +++ b/src/sysv/systemd/sssd.service.in @@ -17,7 +17,7 @@ PIDFile=@pidpath@/sssd.pid # Currently main SSSD process ('sssd') always runs under 'root' # ('User=' and 'Group=' defaults to 'root' for system services) # 'CapabilityBoundingSet' is used to limit privileges set: -CapabilityBoundingSet= @additional_caps@ CAP_CHOWN CAP_KILL CAP_SETGID CAP_SETUID +CapabilityBoundingSet= @additional_caps@ CAP_CHOWN CAP_SETGID CAP_SETUID Restart=on-abnormal @supplementary_groups@
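Review bot: On the changed CapabilityBoundingSet= line in src/sysv/systemd/sssd.service.in, the only justification for dropping CAP_KILL is the commit message's statement that it "currently isn't used anyhow", with no note on how that was checked. The comment above the line says the main 'sssd' process runs as root, and the set still keeps CAP_SETUID and CAP_SETGID. Please state in the commit message how it was confirmed that the root process never has to signal a process running under a different UID, since a capability removed from the bounding set cannot be regained by the service or its children. It would also help to extend the comment above the line with one short reason per remaining capability (CAP_CHOWN, CAP_SETGID, CAP_SETUID, and what @additional_caps@ may expand to), so that later removals like this one can be reviewed against a documented need.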