Browse Source

CAP_SYS_ADMIN needed for running commands in a container (nsenter)

master
Y 3 years ago
parent
commit
75800a616f
1 changed files with 1 additions and 1 deletions
  1. +1
    -1
      extra/systemd/pyruse.service

+ 1
- 1
extra/systemd/pyruse.service View File

@ -4,7 +4,7 @@ Description=Route systemd-journal logs to filters and actions (ban, report…)
[Service]
ExecStart=/usr/bin/pyruse
WorkingDirectory=/etc/pyruse
CapabilityBoundingSet=CAP_SYS_CHROOT
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
NoNewPrivileges=true
PrivateDevices=yes
PrivateTmp=yes


Loading…
Cancel
Save