From 7a1f59f12b1645935a62c5d34bcb60886961ede2 Mon Sep 17 00:00:00 2001
From: Daniel Salzman <daniel.salzman@nic.cz>
Date: Tue, 14 Jun 2022 08:42:26 +0200
Subject: [PATCH] doc: update needed capabilities for XDP mode

---
 doc/operation.rst | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/doc/operation.rst b/doc/operation.rst
index dec7c96cc7..fd0d587c59 100644
--- a/doc/operation.rst
+++ b/doc/operation.rst
@@ -1113,11 +1113,13 @@ Pre-requisites
   And insert these lines::
 
     [Service]
-    CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE
-    AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE
+    CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE
+    AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE
 
   The `CAP_SYS_RESOURCE` is needed on Linux < 5.11.
 
+  All the capabilities are dropped upon the service is started.
+
 Optimizations
 -------------
 
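Review bot: The new `CAP_IPC_LOCK` entry in both `CapabilityBoundingSet=` and `AmbientCapabilities=` comes with no explanation, while the context line right below already documents why `CAP_SYS_RESOURCE` is present ("needed on Linux < 5.11"). Please add a matching sentence saying what XDP mode needs `CAP_IPC_LOCK` for and whether it applies to all kernel versions or only some, so operators can tell which of the five capabilities they can leave out. The added sentence "All the capabilities are dropped upon the service is started." is ungrammatical and does not say who drops them or at what point; something like "All the capabilities are dropped by the server once the service has started." would be clearer, ideally naming the point in startup after which they are gone. That matters for anyone auditing the unit, because `CAP_SYS_ADMIN` and `CAP_NET_ADMIN` in the ambient set are broad grants and the reader needs to know they are only held during initialization. The commit message also has an empty body; a line stating why the capability set changed would help later readers of the history.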
-- 
GitLab