Add no_new_privs to OpenRC service files
This commit is contained in:
parent
fdb5bec431
commit
a663b73634
3 changed files with 3 additions and 0 deletions
1
changelog.d/no_new_privs.add
Normal file
1
changelog.d/no_new_privs.add
Normal file
|
@ -0,0 +1 @@
|
|||
(hardening) Add no_new_privs=yes to OpenRC service files
|
|
@ -8,6 +8,7 @@ pidfile="/var/run/pleroma.pid"
|
|||
directory=/opt/pleroma
|
||||
healthcheck_delay=60
|
||||
healthcheck_timer=30
|
||||
no_new_privs="yes"
|
||||
|
||||
: ${pleroma_port:-4000}
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@ command=/opt/pleroma/bin/pleroma
|
|||
command_args="start"
|
||||
command_user=pleroma
|
||||
command_background=1
|
||||
no_new_privs="yes"
|
||||
|
||||
# Ask process to terminate within 30 seconds, otherwise kill it
|
||||
retry="SIGTERM/30/SIGKILL/5"
|
||||
|
|
Loading…
Reference in a new issue