diff options
| author | Yurii Izorkin <izorkin@elven.pw> | 2021-04-27 21:34:53 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-04-27 20:34:53 +0200 |
| commit | 7da104eb11d3df12f89489a7d728b8b5df8425a8 (patch) | |
| tree | b82919604338078ae8cb33742874344c0435c080 | |
| parent | 0bc909687af6d5176318fc82db8b497dfff040e1 (diff) | |
templates/systemd/mastodon: optimize SystemCallFilters (#16127)
| -rw-r--r-- | dist/mastodon-sidekiq.service | 2 | ||||
| -rw-r--r-- | dist/mastodon-web.service | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/dist/mastodon-sidekiq.service b/dist/mastodon-sidekiq.service index e171475b565..9dd21b8a005 100644 --- a/dist/mastodon-sidekiq.service +++ b/dist/mastodon-sidekiq.service @@ -38,7 +38,7 @@ PrivateMounts=true ProtectClock=true # System Call Filtering SystemCallArchitectures=native -SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap +SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap [Install] WantedBy=multi-user.target diff --git a/dist/mastodon-web.service b/dist/mastodon-web.service index fd9e287706c..c106a48608c 100644 --- a/dist/mastodon-web.service +++ b/dist/mastodon-web.service @@ -38,7 +38,7 @@ PrivateMounts=true ProtectClock=true # System Call Filtering SystemCallArchitectures=native -SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap +SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @resources @setuid @swap [Install] WantedBy=multi-user.target |