From 818efcae100da92d939ef1095f04fe378370d159 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vladimir.cunat@nic.cz>
Date: Thu, 27 Oct 2022 17:31:07 +0200
Subject: [PATCH] doc XDP: update the list of required capabilities

We're the same as knotd in this; it evolved a bit
with libknot and kernel versions.  Taken from:
https://www.knot-dns.cz/docs/3.2/singlehtml/#mode-xdp-pre-requisites
---
 daemon/bindings/net_xdpsrv.rst | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/daemon/bindings/net_xdpsrv.rst b/daemon/bindings/net_xdpsrv.rst
index 1abc9d361..e3014feca 100644
--- a/daemon/bindings/net_xdpsrv.rst
+++ b/daemon/bindings/net_xdpsrv.rst
@@ -57,8 +57,10 @@ And insert these lines:
 .. code-block:: ini
 
 	[Service]
-	CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE
-	AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_RESOURCE
+        CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE
+        AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SYS_RESOURCE
+
+The ``CAP_SYS_RESOURCE`` is only needed on Linux < 5.11.
 
 .. TODO suggest some way for ethtool -L?  Perhaps via systemd units?
 
-- 
GitLab