diff options
| author | Joey Hess <joeyh@joeyh.name> | 2020-08-20 13:21:10 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2020-08-20 13:21:10 -0400 |
| commit | 8b55bdf07277327d5169bb4b4144f30f606200ae (patch) | |
| tree | abddd0b2d229c4f840ee025212b50a5acb1c52df | |
| parent | 294438a3e2bdbd28dadaa2abdba127a1abe49cbf (diff) | |
| download | debug-me-8b55bdf07277327d5169bb4b4144f30f606200ae.tar.gz | |
debug-me.service: Remove /etc from InaccessiblePaths
As that prevents the server sending email using eg postfix, which needs to
read its config files.
This locking down was inherited from keysafe, which has more stringent
security needs, and is not needed here. I left /home in the list,
because why not.
This commit was sponsored by Brett Eisenberg on Patreon.
| -rw-r--r-- | CHANGELOG | 8 | ||||
| -rw-r--r-- | debug-me.service | 2 |
2 files changed, 9 insertions, 1 deletions
@@ -1,3 +1,11 @@ +debug-me (1.20190927) UNRELEASED; urgency=medium + + * debug-me.service: Remove /etc from InaccessiblePaths, + as that prevents the server sending email using eg postfix, + which needs to read its config files. + + -- Joey Hess <id@joeyh.name> Thu, 20 Aug 2020 13:15:22 -0400 + debug-me (1.20190926) unstable; urgency=medium * Avoid a crash when run without a controlling tty, which may happen diff --git a/debug-me.service b/debug-me.service index 7b184c8..4b7c27a 100644 --- a/debug-me.service +++ b/debug-me.service @@ -6,7 +6,7 @@ Documentation=https://debug-me.branchable.com/ Environment='DAEMON_PARAMS=--server /var/log/debug-me/ --delete-old-logs' EnvironmentFile=-/etc/default/debug-me ExecStart=/usr/bin/debug-me $DAEMON_PARAMS -InaccessiblePaths=/home /etc +InaccessiblePaths=/home ReadWritePaths=/var/log/debug-me User=debug-me Group=debug-me |