dotya.ml/drone-ci-configs
2
0
Fork 0
Code Issues Pull Requests Releases Activity

restrict all namespaces

Browse Source
This commit is contained in:
surtur 2022-04-20 16:52:59 +02:00
parent 02098c63d4
commit 2ddfd699c3
Signed by: wanderer
GPG Key ID: 19CE1EC1D9E0486D
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
etc/systemd/system/drone.service
View File

@ -22,7 +22,7 @@ SystemCallFilter=~memfd_create @reboot @swap @resources @cpu-emulation @debug @m
ProtectProc=invisible ProtectProc=invisible
ProcSubset=pid ProcSubset=pid
ProtectHome=true ProtectHome=true
RestrictNamespaces=uts ipc pid user cgroup RestrictNamespaces=true
NoNewPrivileges=True NoNewPrivileges=True
# SecureBits=noroot-locked # SecureBits=noroot-locked
ProtectSystem=strict ProtectSystem=strict