From 07b2cc746eecd6c4d514f755abd681a09432f8a9 Mon Sep 17 00:00:00 2001
From: leonard
Date: Fri, 1 Dec 2023 10:19:35 +0100
Subject: [PATCH] =?UTF-8?q?fix=20des=20droits=20du=20service=20et=20de=20l?= =?UTF-8?q?'installation=20des=20d=C3=A9pendance=20python?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 conf/systemd.service | 3 ++-
 scripts/_common.sh | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/conf/systemd.service b/conf/systemd.service
index 82142f7..c9aed58 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -33,7 +33,8 @@ ProtectKernelModules=yes
 ProtectKernelTunables=yes
 LockPersonality=yes
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
+#TODO : list all system call that could be needed by the application
+#SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged

 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 156ced8..9ce0c03 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -49,7 +49,7 @@ myynh_setup_python_venv() {
 set -x
 ynh_exec_as $app $data_dir/venv/bin/python3 -m ensurepip
 ynh_exec_as $app $data_dir/venv/bin/pip3 install --upgrade wheel pip setuptools
- ynh_exec_as $app $data_dir/venv/bin/pip3 install --no-deps -r "$data_dir/requirements.txt"
+ ynh_exec_as $app $data_dir/venv/bin/pip3 install -r "$data_dir/requirements.txt"
 )
 }
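Review bot: Commenting out the whole `SystemCallFilter=` line in conf/systemd.service removes the seccomp deny-list entirely, so the unit loses the block on `@mount`, `@module`, `@reboot`, `@swap` and `@debug` along with whichever group actually broke the service. The `SystemCallArchitectures=native` line that remains restricts only the syscall ABI, not which calls may be made. I would keep the directive and drop only the offending group, which is presumably `@privileged` or `@setuid` given the commit subject (to be confirmed from the seccomp audit record or the service's failure log), e.g. `SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @swap @cpu-emulation`. The TODO should also name the call or group that failed, so the filter can be tightened again later, and `systemd-analyze security` on the unit shows how much exposure the change adds.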
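Review bot: Dropping `--no-deps` on the last `pip3 install` line lets pip resolve and download transitive dependencies at install time. Unless requirements.txt already pins every package (not visible here), the installed set can then differ between installs and include versions nobody reviewed. If the previous failure was caused by missing dependencies, the reproducible fix is to list them all in requirements.txt with exact versions and hashes and install with `ynh_exec_as $app $data_dir/venv/bin/pip3 install --require-hashes -r "$data_dir/requirements.txt"`. The same applies to the unpinned `install --upgrade wheel pip setuptools` context line just above. The body of `myynh_setup_python_venv` starts outside this hunk, so how requirements.txt is produced could not be checked.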