YunoHost-Apps/bookwyrm_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/bookwyrm_ynh.git synced 2024-09-03 18:16:12 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix service config

Browse source
This commit is contained in:
Thomas 2023-11-07 22:19:44 +01:00 committed by GitHub
parent 404978fe70
commit fca52d6ff8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
conf/bookwyrm-server.service
View file

@ -37,7 +37,7 @@ RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
DevicePolicy=closed
ProtectProc=invisible
SystemCallArchitectures=native
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
#SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
[Install]
WantedBy=multi-user.target

4
conf/bookwyrm-worker.service
View file

@ -13,7 +13,7 @@ ExecStart=__INSTALL_DIR__/venv/bin/celery -A celerywyrm worker -l info -Q high_p
ProtectSystem=strict
ProtectHome=tmpfs
#InaccessiblePaths=-/media -/mnt -/srv
InaccessiblePaths=-/media -/mnt -/srv
PrivateTmp=yes
TemporaryFileSystem=/var /run
#PrivateUsers=true
@ -37,7 +37,7 @@ RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
DevicePolicy=closed
ProtectProc=invisible
SystemCallArchitectures=native
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
#SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html