mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-20 17:27:00 +01:00
Don't let systemd hide /home and /tmp
Admins might expect ejabberd to be able to access data below /home or /tmp. For example, they might use those locations to dump/restore Mnesia backups, or as a document root for mod_http_fileserver or mod_http_upload. Fixes #1297.
This commit is contained in:
parent
3ec68a4ecf
commit
f56840a682
@ -14,9 +14,7 @@ Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
# The CAP_DAC_OVERRIDE capability is required for pam authentication to work
|
||||
CapabilityBoundingSet=CAP_DAC_OVERRIDE
|
||||
PrivateTmp=true
|
||||
PrivateDevices=true
|
||||
ProtectHome=true
|
||||
ProtectSystem=full
|
||||
NoNewPrivileges=true
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user