Merge branch 'no_new_privs' into 'develop'
Add no_new_privs to OpenRC service files See merge request pleroma/pleroma!3905
This commit is contained in:
commit
589301ce06
1
changelog.d/no_new_privs.add
Normal file
1
changelog.d/no_new_privs.add
Normal file
@ -0,0 +1 @@
|
||||
(hardening) Add no_new_privs=yes to OpenRC service files
|
@ -8,6 +8,7 @@ pidfile="/var/run/pleroma.pid"
|
||||
directory=/opt/pleroma
|
||||
healthcheck_delay=60
|
||||
healthcheck_timer=30
|
||||
no_new_privs="yes"
|
||||
|
||||
: ${pleroma_port:-4000}
|
||||
|
||||
|
@ -9,6 +9,7 @@ command=/opt/pleroma/bin/pleroma
|
||||
command_args="start"
|
||||
command_user=pleroma
|
||||
command_background=1
|
||||
no_new_privs="yes"
|
||||
|
||||
# Ask process to terminate within 30 seconds, otherwise kill it
|
||||
retry="SIGTERM/30/SIGKILL/5"
|
||||
|
Loading…
Reference in New Issue
Block a user