]> cat aescling's git repositories - mastodon.git/commitdiff
cat aescling's git repositories / mastodon.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f4b7c6b)
templates/systemd/mastodon: update sandbox mode (#16103)
authorYurii Izorkin <izorkin@elven.pw>
Sat, 24 Apr 2021 11:41:03 +0000 (14:41 +0300)
committerGitHub <noreply@github.com>
Sat, 24 Apr 2021 11:41:03 +0000 (13:41 +0200)
dist/mastodon-sidekiq.service patch | blob | history
dist/mastodon-streaming.service patch | blob | history
dist/mastodon-web.service patch | blob | history

diff --git a/dist/mastodon-sidekiq.service b/dist/mastodon-sidekiq.service
index 0bb0a800fe2ee76f08c99140671b931cea3ab6ad..e171475b5659359a83d2c10d7e0575d65e6676f0 100644 (file)
--- a/dist/mastodon-sidekiq.service
+++ b/dist/mastodon-sidekiq.service
@@ -38,7 +38,7 @@ PrivateMounts=true
 ProtectClock=true
 # System Call Filtering
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @reboot @resources @setuid @swap
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap
 
 [Install]
 WantedBy=multi-user.target
diff --git a/dist/mastodon-streaming.service b/dist/mastodon-streaming.service
index 1443ca1c8856165462e42b6f6fee60ad6487e52e..0befc529aa1d96a21a5360bace63fd97aa397edf 100644 (file)
--- a/dist/mastodon-streaming.service
+++ b/dist/mastodon-streaming.service
@@ -38,7 +38,7 @@ PrivateMounts=true
 ProtectClock=true
 # System Call Filtering
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @reboot @resources @setuid @swap
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap
 
 [Install]
 WantedBy=multi-user.target
diff --git a/dist/mastodon-web.service b/dist/mastodon-web.service
index 3383f33e3aa2de68368c550acb1904a859bf6ad2..fd9e287706c06afb8cce1f1679e14ca61a52e93d 100644 (file)
--- a/dist/mastodon-web.service
+++ b/dist/mastodon-web.service
@@ -38,7 +38,7 @@ PrivateMounts=true
 ProtectClock=true
 # System Call Filtering
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @reboot @resources @setuid @swap
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap
 
 [Install]
 WantedBy=multi-user.target
source code fur Kibicat Mastodon