From f896e1c3fb05bb0e77a85ab93a1b3f8b8386eeb9 Mon Sep 17 00:00:00 2001
From: yalh76
Date: Thu, 22 Sep 2022 02:40:04 +0200
Subject: [PATCH] Disabling sandboxing
---
 conf/systemd.service | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/conf/systemd.service b/conf/systemd.service
index eef34bf..02006c4 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -22,16 +22,16 @@ ExecStart=/usr/bin/java \
 # See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 # for details
-DeviceAllow=char-alsa rw
-NoNewPrivileges=yes
-PrivateTmp=yes
-PrivateUsers=yes
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
-RestrictNamespaces=yes
-RestrictRealtime=yes
-DevicePolicy=closed
-SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap
-ReadWritePaths=__FINALPATH__
+#DeviceAllow=char-alsa rw
+#NoNewPrivileges=yes
+#PrivateTmp=yes
+#PrivateUsers=yes
+#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+#RestrictNamespaces=yes
+#RestrictRealtime=yes
+#DevicePolicy=closed
+#SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap
+#ReadWritePaths=__FINALPATH__
 # You can uncomment the following line if you're not using the jukebox
 # This will prevent airsonic from accessing any real (physical) devices
@@ -40,10 +40,10 @@ ReadWritePaths=__FINALPATH__
 # You can change the following line to `strict` instead of `full`
 # if you don't want airsonic to be able to
 # write anything on your filesystem outside of AIRSONIC_HOME.
-ProtectSystem=full
-ProtectControlGroups=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
+#ProtectSystem=full
+#ProtectControlGroups=yes
+#ProtectKernelModules=yes
+#ProtectKernelTunables=yes
 # You can uncomment the following line if you don't have any media
 # in /home/…. This will prevent airsonic from ever reading/writing anything there.
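Review bot: All ten hardening directives in the first hunk (`NoNewPrivileges=`, `SystemCallFilter=`, `PrivateTmp=` and the rest) and the four `Protect*` directives in the second hunk are commented out together, and neither the subject nor the unit file records which one made the service fail. With them gone the Java process has no systemd-level confinement (no syscall filter, no read-only system directories, a shared `/tmp`), so a flaw in the web application is limited only by the permissions of the account the unit runs as. I would disable only the directive that actually breaks startup, which is not visible here and needs testing one directive at a time, and keep the rest, at minimum `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full`. Anything left disabled should carry a comment above it such as `# Disabled: <failing directive and issue reference>; re-enable when fixed`, and the remaining exposure can be checked with `systemd-analyze security`.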