Addd sandboxing exception for `/run/netdata`. (#9613)

This marks `/run/netdata` as writable in our systemd unit files so that users who are listening on a UNIX socket in the 'standard' location can do so witout the sandboxing getting in their way.
author: Austin S. Hemmelgarn <austin@netdata.cloud> 2020-07-27 09:14:59 -0400
committer: GitHub <noreply@github.com> 2020-07-27 09:14:59 -0400
commit: 92b7d6fe9af95edf7d082a3c49e514b62d9acd13 (patch)
tree: b1f28680fac6578b80bf893ae37484d3b3d95d99 /system
parent: 7377887f361fa08ad0101e2af2a8af41a7d29187 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/system/netdata.service.in b/system/netdata.service.in
index 89755146c2..a1d7c5735b 100644
--- a/system/netdata.service.in
+++ b/system/netdata.service.in
@@ -61,6 +61,8 @@ ProtectHome=read-only
 #PrivateTmp=true
 ProtectControlGroups=true
 PrivateMounts=true
+# We whitelist this because it's the standard location to listen on a UNIX socket.
+ReadWriteDirectories=/run/netdata
 
 [Install]
 WantedBy=multi-user.target
author	Austin S. Hemmelgarn <austin@netdata.cloud>	2020-07-27 09:14:59 -0400
committer	GitHub <noreply@github.com>	2020-07-27 09:14:59 -0400
commit	92b7d6fe9af95edf7d082a3c49e514b62d9acd13 (patch)
tree	b1f28680fac6578b80bf893ae37484d3b3d95d99 /system
parent	7377887f361fa08ad0101e2af2a8af41a7d29187 (diff)