open-source-mirrors
/
jellyfin
mirror of https://github.com/jellyfin/jellyfin
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revert some hardening that breaks LXC

Browse Source 
For each of these, we should be OK since we run as an unprivileged user
anyways.
pull/6985/head
Joshua M. Boniface 3 years ago
parent 2c6d6dbbf8
commit 9a2b88cb1f
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File

12
debian/jellyfin.service vendored
Unescape View File

@ -13,17 +13,17 @@ TimeoutSec = 15
NoNewPrivileges=true
SystemCallArchitectures=native
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=true
RestrictNamespaces=false
RestrictRealtime=true
RestrictSUIDSGID=true
ProtectClock=true
ProtectControlGroups=true
ProtectControlGroups=false
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectKernelLogs=false
ProtectKernelModules=false
ProtectKernelTunables=false
LockPersonality=true
PrivateTmp=true
PrivateTmp=false
PrivateDevices=false
PrivateUsers=true
RemoveIPC=true

Write Preview
Loading…
Cancel
Save