Add a little bit more detail in the comments.

author shibayashi <shibayashi@cypherpunk.observer>

Wed, 24 Oct 2018 22:57:47 +0000 (00:57 +0200)

committer shibayashi <shibayashi@cypherpunk.observer>

Wed, 24 Oct 2018 22:57:47 +0000 (00:57 +0200)
author shibayashi <shibayashi@cypherpunk.observer>
Wed, 24 Oct 2018 22:57:47 +0000 (00:57 +0200)
committer shibayashi <shibayashi@cypherpunk.observer>
Wed, 24 Oct 2018 22:57:47 +0000 (00:57 +0200)
diff --git a/installation/pleroma.service b/installation/pleroma.service

index e410764f37c9e2bacc98791646452290dea9c1ad..84747d95297b606964861949b60346baa2e52bbb 100644 (file)
--- a/installation/pleroma.service
+++ b/installation/pleroma.service
@@ -14,11 +14,11 @@ Restart=on-failure
  ; Some security directives.
  ; Use private /tmp and /var/tmp folders inside a new file system namespace, which are discarded after the process stops.
  PrivateTmp=true
-; This makes /usr, /boot, /etc read-only.
+; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
  ProtectSystem=full
  ; Sets up a new /dev mount for the process and only adds API pseudo devices like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled by default because it may not work on devices like the Raspberry Pi.
  PrivateDevices=false
-; Ensures that the service process and all its children can never gain new privileges through execve()
+; Ensures that the service process and all its children can never gain new privileges through execve().
  NoNewPrivileges=true
  
  [Install]
author	shibayashi <shibayashi@cypherpunk.observer>
	Wed, 24 Oct 2018 22:57:47 +0000 (00:57 +0200)
committer	shibayashi <shibayashi@cypherpunk.observer>
	Wed, 24 Oct 2018 22:57:47 +0000 (00:57 +0200)