From c31925604574cb53be2fb70a86cb799060e3a3a3 Mon Sep 17 00:00:00 2001 From: Florent Date: Fri, 24 Dec 2021 13:04:12 +0100 Subject: [PATCH] Fix #283, caused by module which needs to list interfaces --- conf/systemd.service | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index 12a2d46..a420a86 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -17,14 +17,13 @@ SyslogIdentifier=__APP__ Restart=always # Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these +# Depending on specificities of your service/app, you may need to tweak these # .. but this should be a good baseline # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html NoNewPrivileges=yes PrivateTmp=yes PrivateDevices=yes -# RestrictAddressFamilies is causing peeertube to fail with error "uv_interface_addresses returned Unknown system error 97" -# RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK RestrictNamespaces=yes RestrictRealtime=yes DevicePolicy=closed @@ -45,7 +44,7 @@ CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] WantedBy=multi-user.target