YunoHost-Apps/pepettes_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/pepettes_ynh.git synced 2024-09-03 19:56:35 +02:00
Code Issues Activity Actions

remove '@setuid' from 'SystemCallFilter'

Browse source
This commit is contained in:
OniriCorpe 2024-05-23 00:36:21 +02:00
parent 885ee3193e
commit c05877ea26
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
conf/systemd.service
View file

@ -30,7 +30,7 @@ ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallArchitectures=native
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @swap @cpu-emulation
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html