diff options
author | Joey Hess <joeyh@joeyh.name> | 2020-08-20 13:21:10 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2020-08-20 13:21:10 -0400 |
commit | 8b55bdf07277327d5169bb4b4144f30f606200ae (patch) | |
tree | abddd0b2d229c4f840ee025212b50a5acb1c52df /debug-me.service | |
parent | 294438a3e2bdbd28dadaa2abdba127a1abe49cbf (diff) | |
download | debug-me-8b55bdf07277327d5169bb4b4144f30f606200ae.tar.gz |
debug-me.service: Remove /etc from InaccessiblePaths
As that prevents the server sending email using eg postfix, which needs to
read its config files.
This locking down was inherited from keysafe, which has more stringent
security needs, and is not needed here. I left /home in the list,
because why not.
This commit was sponsored by Brett Eisenberg on Patreon.
Diffstat (limited to 'debug-me.service')
-rw-r--r-- | debug-me.service | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/debug-me.service b/debug-me.service index 7b184c8..4b7c27a 100644 --- a/debug-me.service +++ b/debug-me.service @@ -6,7 +6,7 @@ Documentation=https://debug-me.branchable.com/ Environment='DAEMON_PARAMS=--server /var/log/debug-me/ --delete-old-logs' EnvironmentFile=-/etc/default/debug-me ExecStart=/usr/bin/debug-me $DAEMON_PARAMS -InaccessiblePaths=/home /etc +InaccessiblePaths=/home ReadWritePaths=/var/log/debug-me User=debug-me Group=debug-me |