templates/systemd/mastodon: optimize SystemCallFilters (#16127)

author Yurii Izorkin <izorkin@elven.pw>

Tue, 27 Apr 2021 18:34:53 +0000 (21:34 +0300)

committer GitHub <noreply@github.com>

Tue, 27 Apr 2021 18:34:53 +0000 (20:34 +0200)
author Yurii Izorkin <izorkin@elven.pw>
Tue, 27 Apr 2021 18:34:53 +0000 (21:34 +0300)
committer GitHub <noreply@github.com>
Tue, 27 Apr 2021 18:34:53 +0000 (20:34 +0200)
diff --git a/dist/mastodon-sidekiq.service b/dist/mastodon-sidekiq.service

index e171475b5659359a83d2c10d7e0575d65e6676f0..9dd21b8a005e8dc121b2a17ca27a39674030f6f2 100644 (file)
--- a/dist/mastodon-sidekiq.service
+++ b/dist/mastodon-sidekiq.service
@@ -38,7 +38,7 @@ PrivateMounts=true
  ProtectClock=true
  # System Call Filtering
  SystemCallArchitectures=native
-SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap
  
  [Install]
  WantedBy=multi-user.target
diff --git a/dist/mastodon-web.service b/dist/mastodon-web.service

index fd9e287706c06afb8cce1f1679e14ca61a52e93d..c106a48608c663728911d2794c38d64bc33ba412 100644 (file)
--- a/dist/mastodon-web.service
+++ b/dist/mastodon-web.service
@@ -38,7 +38,7 @@ PrivateMounts=true
  ProtectClock=true
  # System Call Filtering
  SystemCallArchitectures=native
-SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @resources @setuid @swap
  
  [Install]
  WantedBy=multi-user.target
author	Yurii Izorkin <izorkin@elven.pw>
	Tue, 27 Apr 2021 18:34:53 +0000 (21:34 +0300)
committer	GitHub <noreply@github.com>
	Tue, 27 Apr 2021 18:34:53 +0000 (20:34 +0200)
dist/mastodon-sidekiq.service		patch \| blob \| history
dist/mastodon-web.service		patch \| blob \| history