pleroma

commit: 589301ce0655c5a31d037f27fc1767e6dffb5381
parent fdb5bec431ad815263bae542324257a8ca29d81e
Author: lain <lain@soykaf.club>
Date:   Tue, 13 Jun 2023 13:34:21 +0000

Merge branch 'no_new_privs' into 'develop'

Add no_new_privs to OpenRC service files

See merge request pleroma/pleroma!3905
Diffstat:
A
changelog.d/no_new_privs.add
1
+
M
installation/init.d/pleroma
1
+
M
rel/files/installation/init.d/pleroma
1
+

3 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/changelog.d/no_new_privs.add b/changelog.d/no_new_privs.add
@@ -0,0 +1 @@
+(hardening) Add no_new_privs=yes to OpenRC service files
diff --git a/installation/init.d/pleroma b/installation/init.d/pleroma
@@ -8,6 +8,7 @@ pidfile="/var/run/pleroma.pid"
 directory=/opt/pleroma
 healthcheck_delay=60
 healthcheck_timer=30
+no_new_privs="yes"
 
 : ${pleroma_port:-4000}
 
diff --git a/rel/files/installation/init.d/pleroma b/rel/files/installation/init.d/pleroma
@@ -9,6 +9,7 @@ command=/opt/pleroma/bin/pleroma
 command_args="start"
 command_user=pleroma
 command_background=1
+no_new_privs="yes"
 
 # Ask process to terminate within 30 seconds, otherwise kill it
 retry="SIGTERM/30/SIGKILL/5"