CAP_SYS_ADMIN needed for running commands in a container (nsenter)
parent
6a5de578bb
commit
75800a616f
|
@ -4,7 +4,7 @@ Description=Route systemd-journal logs to filters and actions (ban, report…)
|
|||
[Service]
|
||||
ExecStart=/usr/bin/pyruse
|
||||
WorkingDirectory=/etc/pyruse
|
||||
CapabilityBoundingSet=CAP_SYS_CHROOT
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
|
||||
NoNewPrivileges=true
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
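Review bot: The new `CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT` line gives the service a far broader capability than the one it replaces, and nothing in the unit records why. CAP_SYS_ADMIN covers mount and namespace operations among much else, so it weakens the confinement that the bounding set, `NoNewPrivileges=true` and `PrivateDevices=yes` provide on every install, including those where no action uses nsenter. I would add a comment above the line, `# CAP_SYS_ADMIN is only needed when an action runs commands in a container via nsenter (setns); drop it otherwise`, and document a drop-in for other installs that resets the list with an empty `CapabilityBoundingSet=` followed by `CapabilityBoundingSet=CAP_SYS_CHROOT`. The unit continues outside the hunk, so whether a `User=` line or other sandboxing directives further limit the service cannot be seen from here.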
|
||||
|
|