dotya.ml/ drone-ci-configs
2
0
Fork 0
Code Issues Pull Requests Releases Activity

systemd(SystemCallFilter=~): allow resources group

This commit is contained in:
surtur 2022-09-28 16:32:40 +02:00
parent 0229ed60ec
commit 260ad07626
Signed by: wanderer
SSH Key Fingerprint: SHA256:MdCZyJ2sHLltrLBp0xQO0O1qTW9BT/xl5nXkDvhlMCI
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
etc/systemd/system/drone.service
View File

@ -22,7 +22,7 @@ IOSchedulingPriority=0
CapabilityBoundingSet=
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_CHROOT CAP_AUDIT_*
SystemCallFilter=~memfd_create @reboot @swap @resources @cpu-emulation @debug @module @clock @raw-io @obsolete
SystemCallFilter=~memfd_create @reboot @swap @cpu-emulation @debug @module @clock @raw-io @obsolete
ProtectProc=invisible
ProcSubset=pid
ProtectHome=true