projects
/
akkoma
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
oops
[akkoma]
/
installation
/
pleroma.service
diff --git
a/installation/pleroma.service
b/installation/pleroma.service
index 6955e5cc65cb08fde3c48e4d1ad6740da68c273a..f1ed56cb3c8dd9db857392840ae58650cf1e3cdb 100644
(file)
--- a/
installation/pleroma.service
+++ b/
installation/pleroma.service
@@
-21,6
+21,8
@@
ProtectSystem=full
PrivateDevices=false
; Ensures that the service process and all its children can never gain new privileges through execve().
NoNewPrivileges=true
PrivateDevices=false
; Ensures that the service process and all its children can never gain new privileges through execve().
NoNewPrivileges=true
+; Drops the sysadmin capability from the daemon.
+CapabilityBoundingSet=~CAP_SYS_ADMIN
[Install]
WantedBy=multi-user.target
[Install]
WantedBy=multi-user.target