From 8b55bdf07277327d5169bb4b4144f30f606200ae Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 20 Aug 2020 13:21:10 -0400 Subject: debug-me.service: Remove /etc from InaccessiblePaths As that prevents the server sending email using eg postfix, which needs to read its config files. This locking down was inherited from keysafe, which has more stringent security needs, and is not needed here. I left /home in the list, because why not. This commit was sponsored by Brett Eisenberg on Patreon. --- debug-me.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'debug-me.service') diff --git a/debug-me.service b/debug-me.service index 7b184c8..4b7c27a 100644 --- a/debug-me.service +++ b/debug-me.service @@ -6,7 +6,7 @@ Documentation=https://debug-me.branchable.com/ Environment='DAEMON_PARAMS=--server /var/log/debug-me/ --delete-old-logs' EnvironmentFile=-/etc/default/debug-me ExecStart=/usr/bin/debug-me $DAEMON_PARAMS -InaccessiblePaths=/home /etc +InaccessiblePaths=/home ReadWritePaths=/var/log/debug-me User=debug-me Group=debug-me -- cgit v1.2.3