YunoHost-Apps/cac-proxy_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/cac-proxy_ynh.git synced 2024-09-03 18:16:07 +02:00
Code Issues Activity Actions

Fix upgrade of old stuff and security of chrome

Browse source
This commit is contained in:
Gérard Collin 2023-03-01 17:34:54 +01:00
parent 976826598c
commit ddd69d3580
2 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
conf/systemd.service
View file

@ -32,7 +32,8 @@ ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallArchitectures=native
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
# We need to allow priviledged to enable chromium access to gpu
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html

6
scripts/upgrade
View file

@ -104,7 +104,11 @@ complete_install=false
# Check if we need to clean up old bad installs
if [ -f "$final_path/package.json" ]; then
complete_install=true
ynh_secure_remove --file="$final_path/*"
ynh_secure_remove --file="$final_path"
mkdir "$final_path"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
fi
#=================================================