Resolve merge conflict

author: rinpatch <rinpatch@sdf.org> 2019-01-13 13:38:28 +0300
committer: rinpatch <rinpatch@sdf.org> 2019-01-13 13:38:28 +0300
commit: e4dc3f71aea900e566c0d66ddffc5cd57e3920dd (patch)
tree: d0b0edfd3c7aa4c2015b0b461a4c40895e16eba9 /installation/pleroma.service
parent: 9a6236e69d2709c0df374574fd77c4b2bc3d68fb (diff)
parent: 19b6a8239387869c69c6885044ee488d097b723f (diff)
download: pleroma-e4dc3f71aea900e566c0d66ddffc5cd57e3920dd.tar.gz
pleroma-e4dc3f71aea900e566c0d66ddffc5cd57e3920dd.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/installation/pleroma.service b/installation/pleroma.service
index 6955e5cc6..f1ed56cb3 100644
--- a/installation/pleroma.service
+++ b/installation/pleroma.service
@@ -21,6 +21,8 @@ ProtectSystem=full
 PrivateDevices=false
 ; Ensures that the service process and all its children can never gain new privileges through execve().
 NoNewPrivileges=true
+; Drops the sysadmin capability from the daemon.
+CapabilityBoundingSet=~CAP_SYS_ADMIN
 
 [Install]
 WantedBy=multi-user.target
author	rinpatch <rinpatch@sdf.org>	2019-01-13 13:38:28 +0300
committer	rinpatch <rinpatch@sdf.org>	2019-01-13 13:38:28 +0300
commit	e4dc3f71aea900e566c0d66ddffc5cd57e3920dd (patch)
tree	d0b0edfd3c7aa4c2015b0b461a4c40895e16eba9 /installation/pleroma.service
parent	9a6236e69d2709c0df374574fd77c4b2bc3d68fb (diff)
parent	19b6a8239387869c69c6885044ee488d097b723f (diff)
download	pleroma-e4dc3f71aea900e566c0d66ddffc5cd57e3920dd.tar.gz pleroma-e4dc3f71aea900e566c0d66ddffc5cd57e3920dd.zip