Add no_new_privs to OpenRC service files
parent
fdb5bec431
commit
a663b73634
|
@ -0,0 +1 @@
|
||||||
|
(hardening) Add no_new_privs=yes to OpenRC service files
|
|
@ -8,6 +8,7 @@ pidfile="/var/run/pleroma.pid"
|
||||||
directory=/opt/pleroma
|
directory=/opt/pleroma
|
||||||
healthcheck_delay=60
|
healthcheck_delay=60
|
||||||
healthcheck_timer=30
|
healthcheck_timer=30
|
||||||
|
no_new_privs="yes"
|
||||||
|
|
||||||
: ${pleroma_port:-4000}
|
: ${pleroma_port:-4000}
|
||||||
|
|
||||||
|
|
|
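Review bot: `no_new_privs="yes"` is an ordinary shell variable, so an OpenRC release whose daemon wrappers do not read it will start the service without the flag and without any error; the same applies to the second service file in this commit. Nothing in the hunk records that requirement, so I would add a comment above the line such as `# Needs an OpenRC release that supports no_new_privs; older releases ignore it silently`. The install docs could also say how to confirm the setting took effect: the `NoNewPrivs` field in `/proc/<pid>/status` of the running service should read 1. The healthcheck_* settings suggest this file runs under supervise-daemon, but the supervisor line is outside the hunk.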
@ -9,6 +9,7 @@ command=/opt/pleroma/bin/pleroma
|
||||||
command_args="start"
|
command_args="start"
|
||||||
command_user=pleroma
|
command_user=pleroma
|
||||||
command_background=1
|
command_background=1
|
||||||
|
no_new_privs="yes"
|
||||||
|
|
||||||
# Ask process to terminate within 30 seconds, otherwise kill it
|
# Ask process to terminate within 30 seconds, otherwise kill it
|
||||||
retry="SIGTERM/30/SIGKILL/5"
|
retry="SIGTERM/30/SIGKILL/5"
|
||||||
|
|
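Review bot: The added `no_new_privs="yes"` line carries no comment on its side effect, which is that every program the service executes can no longer gain privileges through setuid, setgid or file-capability bits. That is the intended hardening, but a helper that relies on such bits would begin to fail once this lands, for example a local sendmail binary if an instance delivers mail that way; this is inferred, since nothing in the hunk shows which helpers are called. I would document it next to the setting, e.g. `# Child processes cannot gain privileges via setuid/setgid/file capabilities`, so an admin debugging a broken helper finds the cause in the service file.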