pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git
commit: e7b0840b88838f9e14bd2b09060d89c4a656966c
parent cb3ee4d543861e65a1de974c3920fdecdcf6a6a7
Author: Mark Felder <feld@FreeBSD.org>
Date:   Fri, 23 Oct 2020 15:32:32 -0500

NoNewPrivileges breaks ability to send email via sendmail because it restricts ability to run setuid/setgid binaries

Diffstat:

M installation/pleroma.service | 2 --
1 file changed, 0 insertions(+), 2 deletions(-)

diff --git a/installation/pleroma.service b/installation/pleroma.service @@ -31,8 +31,6 @@ ProtectHome=true ProtectSystem=full ; Sets up a new /dev mount for the process and only adds API pseudo devices like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled by default because it may not work on devices like the Raspberry Pi. PrivateDevices=false -; Ensures that the service process and all its children can never gain new privileges through execve(). -NoNewPrivileges=true ; Drops the sysadmin capability from the daemon. CapabilityBoundingSet=~CAP_SYS_ADMIN
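
Review bot: The two removed lines after `PrivateDevices=false` drop `NoNewPrivileges=true` for every installation, including those that do not deliver mail through sendmail, and the unit file no longer says the option exists or why it is off. Consider keeping it as a documented opt-in instead of deleting it, following the pattern of the `PrivateDevices` comment directly above ("Disabled by default because it may not work on ..."): leave the directive commented out as `; NoNewPrivileges=true` and extend its comment to say that it prevents running setuid/setgid binaries such as sendmail and can be enabled when mail is not sent that way. That keeps the sendmail fix from the commit message while letting other deployments retain the execve() privilege restriction, which the remaining `CapabilityBoundingSet=~CAP_SYS_ADMIN` line does not replace.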