commit: e7b0840b88838f9e14bd2b09060d89c4a656966c
parent cb3ee4d543861e65a1de974c3920fdecdcf6a6a7
Author: Mark Felder <feld@FreeBSD.org>
Date: Fri, 23 Oct 2020 15:32:32 -0500
NoNewPrivileges breaks ability to send email via sendmail because it restricts ability to run setuid/setgid binaries
Diffstat:
1 file changed, 0 insertions(+), 2 deletions(-)
diff --git a/installation/pleroma.service b/installation/pleroma.service
@@ -31,8 +31,6 @@ ProtectHome=true
ProtectSystem=full
; Sets up a new /dev mount for the process and only adds API pseudo devices like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled by default because it may not work on devices like the Raspberry Pi.
PrivateDevices=false
-; Ensures that the service process and all its children can never gain new privileges through execve().
-NoNewPrivileges=true
; Drops the sysadmin capability from the daemon.
CapabilityBoundingSet=~CAP_SYS_ADMIN