From ece407ca10a584af43e7a170467ebe0513948380 Mon Sep 17 00:00:00 2001 From: Limezy Date: Tue, 20 Sep 2022 18:22:48 +0700 Subject: [PATCH] Test agressive optional bindings --- conf/systemd.service | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index 35f7fc9..bc93e44 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -13,9 +13,9 @@ TemporaryFileSystem=/:ro # Manually mount what is needed for the service to run # Ref: https://www.sherbers.de/use-temporaryfilesystem-to-hide-files-or-directories-from-systemd-services/ -BindReadOnlyPaths=/lib/ -/lib64/ /usr/lib/ /usr/lib64/ /etc/ld.so.cache /etc/ld.so.conf /etc/ld.so.conf.d/ /etc/bindresvport.blacklist /usr/share/zoneinfo/ /usr/share/locale/ /etc/localtime /usr/share/common-licenses/ /etc/ssl/certs/ /etc/alternatives/ -BindReadOnlyPaths=/dev/log /run/systemd/journal/socket /run/systemd/journal/stdout /run/systemd/notify -BindPaths=/var/www/photoprism /var/www/photoprism/live/bin /home/yunohost.app/photoprism /usr /etc /var /home /dev /etc /usr /media /mnt /opt /proc /run /srv /sys /tmp +BindReadOnlyPaths=-/lib/ -/lib64/ -/usr/lib/ -/usr/lib64/ -/etc/ld.so.cache -/etc/ld.so.conf -/etc/ld.so.conf.d/ -/etc/bindresvport.blacklist -/usr/share/zoneinfo/ -/usr/share/locale/ -/etc/localtime -/usr/share/common-licenses/ -/etc/ssl/certs/ -/etc/alternatives/ +BindReadOnlyPaths=-/dev/log -/run/systemd/journal/socket -/run/systemd/journal/stdout -/run/systemd/notify +BindPaths=/var/www/photoprism /var/www/photoprism/live/bin /home/yunohost.app/photoprism -/usr -/etc -/var -/home -/dev -/etc -/media -/mnt -/opt -/proc -/run -/srv -/sys -/tmp EnvironmentFile=__FINALPATH__/.env WorkingDirectory=__FINALPATH__/live/bin