YunoHost-Apps/ghost_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/ghost_ynh.git synced 2024-09-03 19:16:02 +02:00
Code Issues Activity Actions

Reenable RestrictAddressFamilies safety setting

Browse source 
The addition of AF_NETLINK should be enough for it to work, without allowing the dozen of other families.
This commit is contained in:
Bruno Pagani 2022-05-21 13:37:45 +00:00 committed by GitHub
parent 4a7a2e33d1
commit be258a41f3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
conf/systemd.service
View file

@ -17,8 +17,7 @@ Restart=always
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
#RestrictAddressFamilies disabled, prevents any write access on the app
#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed