diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2016-06-07 21:38:28 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-06-07 21:38:32 +0200 |
| commit | bf6d69d38578245302525395f5f53ac40f441f0c (patch) | |
| tree | 5f13d43450291f066b66f69c62c30b465acf1693 | |
| parent | c0ed2bb7151d9a72a8606aff7d513a2687a3bb19 (diff) | |
wwsympa systemd service file: Set PrivateTmp=yes.
The CGI wants to create a temp file during bulk subcription.
| -rw-r--r-- | roles/lists/files/lib/systemd/system/wwsympa.service | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/roles/lists/files/lib/systemd/system/wwsympa.service b/roles/lists/files/lib/systemd/system/wwsympa.service index b525145..bdbf17e 100644 --- a/roles/lists/files/lib/systemd/system/wwsympa.service +++ b/roles/lists/files/lib/systemd/system/wwsympa.service @@ -1,23 +1,24 @@ [Unit] Description=WWSympa Service After=network.target PartOf=sympa.service Requires=wwsympa.socket [Service] StandardInput=socket User=sympa Group=sympa ExecStart=/usr/lib/cgi-bin/sympa/wwsympa.fcgi # Hardening NoNewPrivileges=yes PrivateDevices=yes ProtectHome=yes ProtectSystem=full +PrivateTmp=yes ReadOnlyDirectories=/ ReadWriteDirectories=-/var/lib/sympa ReadWriteDirectories=-/var/run/sympa [Install] WantedBy=multi-user.target |