From 4ca03e3a11a5348d8057750aafa62e76ab1bd568 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Mon, 30 Sep 2024 13:30:38 +0200
Subject: [PATCH] nixos/logrotate: allow sending signal to arbitrary processes

Various postrotate scripts send e.g. SIGHUP to processes, to have them
reload their config or reopen their logfile.
---
 nixos/modules/services/logging/logrotate.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/services/logging/logrotate.nix b/nixos/modules/services/logging/logrotate.nix
index 412a19eadd110..1c161e167be8b 100644
--- a/nixos/modules/services/logging/logrotate.nix
+++ b/nixos/modules/services/logging/logrotate.nix
@@ -261,6 +261,7 @@ in
         CapabilityBoundingSet = [
           "CAP_CHOWN"
           "CAP_DAC_OVERRIDE"
+          "CAP_KILL"
           "CAP_SETUID"
           "CAP_SETGID"
         ];