mirror of https://github.com/processone/ejabberd.git synced 2024-11-20 16:15:59 +01:00

Don't let systemd hide /home and /tmp

Admins might expect ejabberd to be able to access data below /home or
/tmp.  For example, they might use those locations to dump/restore
Mnesia backups, or as a document root for mod_http_fileserver or
mod_http_upload.

Fixes #1297.
Holger Weiss 2016-10-19 23:11:26 +02:00
parent 3ec68a4ecf
commit f56840a682


@ -14,9 +14,7 @@ Type=oneshot
RemainAfterExit=yes RemainAfterExit=yes
# The CAP_DAC_OVERRIDE capability is required for pam authentication to work # The CAP_DAC_OVERRIDE capability is required for pam authentication to work
CapabilityBoundingSet=CAP_DAC_OVERRIDE CapabilityBoundingSet=CAP_DAC_OVERRIDE
PrivateTmp=true
PrivateDevices=true PrivateDevices=true
ProtectHome=true
ProtectSystem=full ProtectSystem=full
NoNewPrivileges=true NoNewPrivileges=true
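
Review bot: Dropping both `PrivateTmp=true` and `ProtectHome=true` removes this sandboxing for every installation, not only for admins who keep Mnesia backups or a document root under /home or /tmp, and it does so while `CapabilityBoundingSet=CAP_DAC_OVERRIDE` stays in place directly above. Consider keeping the restrictive values as defaults and documenting a drop-in override for the sites that need those paths, or using `ProtectHome=read-only` for the case where mod_http_fileserver only reads from /home. If the lines are removed as proposed, a comment in the unit file explaining why they are absent would keep a later hardening pass from re-adding them and reopening #1297.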