projects / akkoma / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
remove id cast
[akkoma] / installation / pleroma.service
diff --git a/installation/pleroma.service b/installation/pleroma.service
index 6955e5cc65cb08fde3c48e4d1ad6740da68c273a..f1ed56cb3c8dd9db857392840ae58650cf1e3cdb 100644 (file)
--- a/installation/pleroma.service
+++ b/installation/pleroma.service
@@ -21,6 +21,8 @@ ProtectSystem=full
 PrivateDevices=false
 ; Ensures that the service process and all its children can never gain new privileges through execve().
 NoNewPrivileges=true
+; Drops the sysadmin capability from the daemon.
+CapabilityBoundingSet=~CAP_SYS_ADMIN
 
 [Install]
 WantedBy=multi-user.target
Fork of https://akkoma.dev/AkkomaGang/akkoma.git