File pdns-4.0.3_allow_dacoverride_in_capset.patch of Package pdns
/var/lib/pdns pdns:pdns 750
/var/lib/pdns/sqlite3.db pdns:pdns 640
during start up it seems pdns tries to open the file as root
which fails because of the permissions, internally it tries to
open it with dac override capability, which fails as it isn't
in the capability set.
Adding CAP_DAC_OVERRIDE fixes the start problems.
@@ -13,7 +13,7 @@ RestartSec=1
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT CAP_DAC_OVERRIDE
# ProtectSystem=full will disallow write access to /etc and /usr, possibly
# not being able to write slaved-zones into sqlite3 or zonefiles.