YunoHost-Apps/pepettes_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/pepettes_ynh.git synced 2024-09-03 19:56:35 +02:00
Code Issues Activity Actions

fix systemd sandboxing config

Browse source
This commit is contained in:
OniriCorpe 2024-05-22 19:11:11 +02:00
parent 4b9a3aa8b1
commit 7563c0db11
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
conf/systemd.service
View file

@ -30,7 +30,7 @@ ProtectKernelModules=yes
ProtectKernelTunables=yes ProtectKernelTunables=yes
LockPersonality=yes LockPersonality=yes
SystemCallArchitectures=native SystemCallArchitectures=native
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation
# Denying access to capabilities that should not be relevant for webapps # Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html