IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-11-22 08:56:43 -06:00
Code Issues Packages Projects Releases Wiki Activity

remove systemcallfilters sections from systemd unit files (#40176)

Browse Source
This commit is contained in:
Kevin Minehart 2021-10-08 08:50:59 -05:00 committed by GitHub
parent d9c0220824
commit cdea812cee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
packaging/deb/systemd/grafana-server.service
View File

@ -29,7 +29,7 @@ TimeoutStopSec=20
CapabilityBoundingSet= CapabilityBoundingSet=
DeviceAllow= DeviceAllow=
LockPersonality=true LockPersonality=true
MemoryDenyWriteExecute=true MemoryDenyWriteExecute=false
NoNewPrivileges=true NoNewPrivileges=true
PrivateDevices=true PrivateDevices=true
PrivateTmp=true PrivateTmp=true
@ -50,9 +50,6 @@ RestrictNamespaces=true
RestrictRealtime=true RestrictRealtime=true
RestrictSUIDSGID=true RestrictSUIDSGID=true
SystemCallArchitectures=native SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged
SystemCallFilter=~@resources
UMask=0027 UMask=0027
[Install] [Install]

5
packaging/rpm/systemd/grafana-server.service
View File

@ -28,7 +28,7 @@ TimeoutStopSec=20
CapabilityBoundingSet= CapabilityBoundingSet=
DeviceAllow= DeviceAllow=
LockPersonality=true LockPersonality=true
MemoryDenyWriteExecute=true MemoryDenyWriteExecute=false
NoNewPrivileges=true NoNewPrivileges=true
PrivateDevices=true PrivateDevices=true
PrivateTmp=true PrivateTmp=true
@ -49,9 +49,6 @@ RestrictNamespaces=true
RestrictRealtime=true RestrictRealtime=true
RestrictSUIDSGID=true RestrictSUIDSGID=true
SystemCallArchitectures=native SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged
SystemCallFilter=~@resources
UMask=0027 UMask=0027
[Install] [Install]