Merge branch 'resilient-user-view-2' into 'develop'
diff --git
a/installation/pleroma.service
b/installation/pleroma.service
index 84747d95297b606964861949b60346baa2e52bbb..f1ed56cb3c8dd9db857392840ae58650cf1e3cdb 100644
(file)
--- a/
installation/pleroma.service
+++ b/
installation/pleroma.service
@@
-6,6
+6,7
@@
After=network.target postgresql.service
User=pleroma
WorkingDirectory=/home/pleroma/pleroma
Environment="HOME=/home/pleroma"
User=pleroma
WorkingDirectory=/home/pleroma/pleroma
Environment="HOME=/home/pleroma"
+Environment="MIX_ENV=prod"
ExecStart=/usr/local/bin/mix phx.server
ExecReload=/bin/kill $MAINPID
KillMode=process
ExecStart=/usr/local/bin/mix phx.server
ExecReload=/bin/kill $MAINPID
KillMode=process
@@
-20,6
+21,8
@@
ProtectSystem=full
PrivateDevices=false
; Ensures that the service process and all its children can never gain new privileges through execve().
NoNewPrivileges=true
PrivateDevices=false
; Ensures that the service process and all its children can never gain new privileges through execve().
NoNewPrivileges=true
+; Drops the sysadmin capability from the daemon.
+CapabilityBoundingSet=~CAP_SYS_ADMIN
[Install]
WantedBy=multi-user.target
[Install]
WantedBy=multi-user.target
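Review bot: `CapabilityBoundingSet=~CAP_SYS_ADMIN` in the second hunk is a deny-list of one, so every other capability (CAP_SYS_PTRACE, CAP_NET_ADMIN, CAP_DAC_OVERRIDE and the rest) stays in the bounding set. The unit already runs as `User=pleroma` with `NoNewPrivileges=true`, so the process should hold no capabilities in practice and the new line is defence in depth only; an empty allow-list, `CapabilityBoundingSet=`, would state that intent completely. If the daemon ever has to bind a port below 1024 itself, which the visible lines do not suggest, the allow-list form would be `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` with a matching `AmbientCapabilities=` line. The comment above it could then read `; Empties the capability bounding set; the daemon runs unprivileged and needs none.`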