Add no_new_privs to OpenRC service files

Haelwenn (lanodan) Monnier 2023-06-13 12:45:18 +02:00
parent fdb5bec431
commit a663b73634
3 changed files with 3 additions and 0 deletions


@ -0,0 +1 @@
(hardening) Add no_new_privs=yes to OpenRC service files


@ -8,6 +8,7 @@ pidfile="/var/run/pleroma.pid"
directory=/opt/pleroma directory=/opt/pleroma
healthcheck_delay=60 healthcheck_delay=60
healthcheck_timer=30 healthcheck_timer=30
no_new_privs="yes"
: ${pleroma_port:-4000} : ${pleroma_port:-4000}
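Review bot: The added `no_new_privs="yes"` line, here and in the other service file's hunk, has no comment saying what it does or what it depends on. On an OpenRC release that predates support for this variable it would presumably be an unused shell variable, so the hardening would be missing without any error. A comment above it would make that visible, e.g. `# Linux only: process and children cannot gain privileges via setuid/file capabilities on execve; needs an OpenRC release that supports no_new_privs`. It is also worth confirming that nothing the service spawns depends on a setuid or file-capability helper, since that would stop working under this flag. The service file continues outside the hunk.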


@ -9,6 +9,7 @@ command=/opt/pleroma/bin/pleroma
command_args="start" command_args="start"
command_user=pleroma command_user=pleroma
command_background=1 command_background=1
no_new_privs="yes"
# Ask process to terminate within 30 seconds, otherwise kill it # Ask process to terminate within 30 seconds, otherwise kill it
retry="SIGTERM/30/SIGKILL/5" retry="SIGTERM/30/SIGKILL/5"