Update bookwyrm-server.service

Thomas 2023-11-10 17:08:54 +01:00 committed by GitHub
parent 1880afaabf
commit aa770f0d2a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -14,7 +14,7 @@ ProtectSystem=strict
ProtectHome=tmpfs ProtectHome=tmpfs
InaccessiblePaths=-/media -/mnt -/srv InaccessiblePaths=-/media -/mnt -/srv
PrivateTmp=yes PrivateTmp=yes
TemporaryFileSystem=/var /run /opt __INSTALL_DIR__ TemporaryFileSystem=/var /run
#PrivateUsers=true #PrivateUsers=true
PrivateDevices=true PrivateDevices=true
BindReadOnlyPaths=__INSTALL_DIR__ BindReadOnlyPaths=__INSTALL_DIR__
@ -31,11 +31,11 @@ ProtectControlGroups=true
RestrictRealtime=true RestrictRealtime=true
RestrictNamespaces=net RestrictNamespaces=net
#NoNewPrivileges=yes NoNewPrivileges=yes
#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
#DevicePolicy=closed DevicePolicy=closed
#ProtectProc=invisible ProtectProc=invisible
#SystemCallArchitectures=native SystemCallArchitectures=native
#SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged #SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
# Denying access to capabilities that should not be relevant for webapps # Denying access to capabilities that should not be relevant for webapps