cleaning

2024-09-03 20:36:11 +02:00 · 2023-04-09 23:45:39 +02:00 · 2023-04-09 23:45:39 +02:00 · 3c0043ed1b
commit 3c0043ed1b
parent 07af2e539b
6 changed files with 36 additions and 15 deletions
--- a/conf/systemd.service
+++ b/conf/systemd.service
@ -13,5 +13,39 @@ ExecStop=/bin/bash stop_xwiki.sh
 Restart=always
 RestartSec=10
 # Sandboxing options to harden security
 # Depending on specificities of your service/app, you may need to tweak these
 # .. but this should be a good baseline
 # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 NoNewPrivileges=yes
 PrivateTmp=yes
 PrivateDevices=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
 RestrictNamespaces=yes
 RestrictRealtime=yes
 DevicePolicy=closed
 ProtectClock=yes
 ProtectHostname=yes
 ProtectProc=invisible
 ProtectSystem=full
 ProtectControlGroups=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 LockPersonality=yes
 SystemCallArchitectures=native
 SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
 CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
 CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
 CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
 CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
 CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
 CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
 CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
 CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
 CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
 [Install]
 WantedBy=multi-user.target
--- a/doc/ADMIN.md
+++ b/doc/ADMIN.md
@ -1,3 +0,0 @@
 This is a dummy admin doc for this app
 The app install dir is `__INSTALL_DIR__`
--- a/doc/ADMIN_fr.md
+++ b/doc/ADMIN_fr.md
@ -1,3 +0,0 @@
 Ceci est une fausse doc d'admin pour cette app
 Le dossier d'install de l'app est `__INSTALL_DIR__`
--- a/doc/DESCRIPTION.md
+++ b/doc/DESCRIPTION.md
@ -1 +1 @@
-This is a dummy description of this app features
+XWiki is an Open Source wiki engine (LGPLv2) suitable for use by workgroups (associations, companies, etc.). The software allows the rapid creation of small applications to meet different information management needs.
--- a/doc/DESCRIPTION_fr.md
+++ b/doc/DESCRIPTION_fr.md
@ -1 +1 @@
-Ceci est une fausse description des fonctionalités de l'app
+XWiki est un moteur de wiki Open Source (LGPLv2) adapté à un usage pour des groupes de travail (associations, entreprises…). Le logiciel permet la création rapide de petites applications pour répondre à différents besoins de gestion de l'information.
--- a/doc/POST_INSTALL.md
+++ b/doc/POST_INSTALL.md
@ -1,7 +0,0 @@
 This is a dummy disclaimer to display after the install
 The app url is `__DOMAIN____PATH__`
 The app install dir is `__INSTALL_DIR__`
 The app id is `__ID__`
		`@ -1,3 +0,0 @@`
			`This is a dummy admin doc for this app`

			The app install dir is `__INSTALL_DIR__`
		`@ -1,3 +0,0 @@`
			`Ceci est une fausse doc d'admin pour cette app`

			Le dossier d'install de l'app est `__INSTALL_DIR__`
		`@ -1 +1 @@`
			`This is a dummy description of this app features`				`XWiki is an Open Source wiki engine (LGPLv2) suitable for use by workgroups (associations, companies, etc.). The software allows the rapid creation of small applications to meet different information management needs.`
		`@ -1 +1 @@`
			`Ceci est une fausse description des fonctionalités de l'app`				`XWiki est un moteur de wiki Open Source (LGPLv2) adapté à un usage pour des groupes de travail (associations, entreprises…). Le logiciel permet la création rapide de petites applications pour répondre à différents besoins de gestion de l'information.`