diff options
| author | Rin Toshaka <rinpatch@sdf.org> | 2018-12-30 21:00:40 +0100 |
|---|---|---|
| committer | Rin Toshaka <rinpatch@sdf.org> | 2018-12-30 21:00:40 +0100 |
| commit | dec23500d8988c22a99f049ef1d1e49328ba075a (patch) | |
| tree | a6e16c5fa60b02058b1ebd985f20ac8f0f4ffa5b /installation | |
| parent | ab3089d6a718d4a70b0d702307d41e64e17bc505 (diff) | |
| parent | dfde2622d0c14195392e306fadc7c729c68da273 (diff) | |
| download | pleroma-dec23500d8988c22a99f049ef1d1e49328ba075a.tar.gz | |
Resolve merge conflict
Diffstat (limited to 'installation')
| -rw-r--r-- | installation/pleroma.service | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/installation/pleroma.service b/installation/pleroma.service index 6955e5cc6..f1ed56cb3 100644 --- a/installation/pleroma.service +++ b/installation/pleroma.service @@ -21,6 +21,8 @@ ProtectSystem=full PrivateDevices=false ; Ensures that the service process and all its children can never gain new privileges through execve(). NoNewPrivileges=true +; Drops the sysadmin capability from the daemon. +CapabilityBoundingSet=~CAP_SYS_ADMIN [Install] WantedBy=multi-user.target |