Merge branch 'systemd-drop-sysadmin-privilege' into 'develop'
Security/Drops the sysadmin privilege from the daemon See merge request pleroma/pleroma!604
这个提交包含在:
当前提交
89fbed8821
@ -21,6 +21,8 @@ ProtectSystem=full
|
||||
PrivateDevices=false
|
||||
; Ensures that the service process and all its children can never gain new privileges through execve().
|
||||
NoNewPrivileges=true
|
||||
; Drops the sysadmin capability from the daemon.
|
||||
CapabilityBoundingSet=~CAP_SYS_ADMIN
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
正在加载...
在新工单中引用
屏蔽一个用户