dotya.ml/renovate-bot
2
0
Fork 0
Code Issues Pull Requests Releases Activity

systemd: revise SystemCallFilter

Browse Source
This commit is contained in:
surtur 2022-07-04 12:54:54 +02:00
parent e808acd042
commit 03d1ac1aae
Signed by: wanderer
GPG Key ID: 19CE1EC1D9E0486D
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
etc/systemd/system/renovate.service
View File

@ -58,7 +58,7 @@ RestrictRealtime=true
RestrictSUIDSGID=true
SecureBits=noroot-locked
SystemCallArchitectures=native
SystemCallFilter=~memfd_create @mount @reboot @swap @privileged @resources @cpu-emulation @debug @clock @obsolete
SystemCallFilter=~memfd_create @mount @reboot @swap @cpu-emulation @debug @clock @raw-io @obsolete
RestrictNamespaces=uts ipc pid user
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_CHROOT CAP_LINUX_IMMUTABLE CAP_AUDIT_*