diff options
| author | Yurii Izorkin <izorkin@elven.pw> | 2021-04-24 14:41:03 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-04-24 13:41:03 +0200 |
| commit | 863ae47b5145e53c6cc820bd7eff0efd41339e03 (patch) | |
| tree | df94b8f7100addc3041666d204c2e0cb396ebb13 /dist | |
| parent | f4b7c6b61914070e590507bcb33e4345d3f9b0b9 (diff) | |
templates/systemd/mastodon: update sandbox mode (#16103)
Diffstat (limited to 'dist')
| -rw-r--r-- | dist/mastodon-sidekiq.service | 2 | ||||
| -rw-r--r-- | dist/mastodon-streaming.service | 2 | ||||
| -rw-r--r-- | dist/mastodon-web.service | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/dist/mastodon-sidekiq.service b/dist/mastodon-sidekiq.service index 0bb0a800f..e171475b5 100644 --- a/dist/mastodon-sidekiq.service +++ b/dist/mastodon-sidekiq.service @@ -38,7 +38,7 @@ PrivateMounts=true ProtectClock=true # System Call Filtering SystemCallArchitectures=native -SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @reboot @resources @setuid @swap +SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap [Install] WantedBy=multi-user.target diff --git a/dist/mastodon-streaming.service b/dist/mastodon-streaming.service index 1443ca1c8..0befc529a 100644 --- a/dist/mastodon-streaming.service +++ b/dist/mastodon-streaming.service @@ -38,7 +38,7 @@ PrivateMounts=true ProtectClock=true # System Call Filtering SystemCallArchitectures=native -SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @reboot @resources @setuid @swap +SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap [Install] WantedBy=multi-user.target diff --git a/dist/mastodon-web.service b/dist/mastodon-web.service index 3383f33e3..fd9e28770 100644 --- a/dist/mastodon-web.service +++ b/dist/mastodon-web.service @@ -38,7 +38,7 @@ PrivateMounts=true ProtectClock=true # System Call Filtering SystemCallArchitectures=native -SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @reboot @resources @setuid @swap +SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap [Install] WantedBy=multi-user.target |