systemd: disable non-working remaining sandboxing options (#2205)

* systemd: use PrivateUsers= in user unit

ProtectSystem= and other sandboxing options require a user namespace in
order to work as user units (the user manager does not run as root and
thus without a user namespace it is unable to perform mounts).
Luca Boccassi 2022-11-09 21:15:11 +01:00 committed by GitHub
parent 4a6c78a7a6
commit 39a0048445


@ -5,9 +5,11 @@ After=network-online.target
Wants=network-online.target Wants=network-online.target
[Service] [Service]
# Commented out hardenings are disabled because they don't work out of the box. # Commented out hardenings are disabled because they may not work out of the box on your distribution
# If you know what you are doing please try to enable them. # If you know what you are doing please try to enable them.
ProtectSystem=full ProtectSystem=full
PrivateUsers=true
#PrivateDevices=true #PrivateDevices=true
ProtectHostname=true ProtectHostname=true
#ProtectClock=true #ProtectClock=true
@ -22,4 +24,4 @@ RestartSec=3
RestartPreventExitStatus=3 RestartPreventExitStatus=3
[Install] [Install]
WantedBy=default.target WantedBy=default.target
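Review bot: `PrivateUsers=true` is enabled unconditionally in the first hunk, but in a per-user unit it can only be honoured if the kernel allows unprivileged user namespaces; on hosts where that is disabled (e.g. `user.max_user_namespaces=0`, or a Debian-family kernel with `kernel.unprivileged_userns_clone=0`) the unit fails to start rather than merely losing sandboxing. The reworded comment above it warns that the commented-out hardenings "may not work out of the box", yet the setting most likely to break startup is the one left uncommented, with no hint that it is the prerequisite for `ProtectSystem=` and `ProtectHostname=` working at all. I would add a line directly above it: `# PrivateUsers= is required for the mount/UTS-based hardenings below to work in a user unit; it needs unprivileged user namespaces (user.max_user_namespaces > 0), otherwise the service will not start`. Whether the project targets distributions that ship with user namespaces disabled I cannot tell from this page. The `[Service]` section continues between the two hunks, so any other options affected by the new user namespace are outside this view.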