diff --git a/mox-/forkexec_unix.go b/mox-/forkexec_unix.go
index f96aa18b0..558203bf3 100644
--- a/mox-/forkexec_unix.go
+++ b/mox-/forkexec_unix.go
@@ -59,8 +59,11 @@ func ForkExecUnprivileged() {
 sigc := make(chan os.Signal, 1)
 signal.Notify(sigc, os.Interrupt, syscall.SIGTERM)
 go func() {
- sig := <-sigc
- p.Signal(sig)
+ for {
+ sig := <-sigc
+ err := p.Signal(sig)
+ pkglog.Check(err, "forwarding signal root to unprivileged process")
+ }
 }()

 st, err := p.Wait()
diff --git a/mox.service b/mox.service
index 563c70830..789b95e76 100644
--- a/mox.service
+++ b/mox.service
@@ -23,7 +23,7 @@ ReadWritePaths=/home/mox/config /home/mox/data
 ProtectKernelTunables=yes
 ProtectControlGroups=yes
 AmbientCapabilities=
-CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_CHOWN CAP_FSETID CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_CHOWN CAP_FSETID CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_KILL
 NoNewPrivileges=yes
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
 ProtectProc=invisible
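Review bot: The forwarding loop added inside the goroutine has no exit condition, so a SIGINT or SIGTERM that arrives after `p.Wait()` has returned is still passed to `p.Signal` on a finished process and reported through `pkglog.Check` as a forwarding failure. Whether that window is reachable depends on what follows `p.Wait()`, which lies outside the hunk. The logged message would also be more useful for diagnosing a missing capability if it named the signal that could not be delivered. A short comment above the loop, for example `// Forward every signal, not only the first; root needs CAP_KILL to signal the child's uid, so failures are logged.`, would tie this code to the unit-file change in the same commit.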
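Review bot: `CAP_KILL` is added to `CapabilityBoundingSet` without a comment explaining why, and it is a broad grant: it lets the root parent bypass the permission checks for signalling processes in general, not only the mox child. A line above the setting such as `# CAP_KILL: root parent forwards SIGINT/SIGTERM to the unprivileged child, which runs under another uid.` would keep a later hardening pass from either dropping it or assuming it is unused. Installations still running the older unit would presumably hit the forwarding error that forkexec_unix.go now logs, so the upgrade notes should mention that the unit file has to be updated.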