CAP_SYS_ADMIN needed for running commands in a container (nsenter)
parent
6a5de578bb
commit
75800a616f
|
@ -4,7 +4,7 @@ Description=Route systemd-journal logs to filters and actions (ban, report…)
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/usr/bin/pyruse
|
ExecStart=/usr/bin/pyruse
|
||||||
WorkingDirectory=/etc/pyruse
|
WorkingDirectory=/etc/pyruse
|
||||||
CapabilityBoundingSet=CAP_SYS_CHROOT
|
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
|
||||||
NoNewPrivileges=true
|
NoNewPrivileges=true
|
||||||
PrivateDevices=yes
|
PrivateDevices=yes
|
||||||
PrivateTmp=yes
|
PrivateTmp=yes
|
||||||
|
|
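Review bot: The widened `CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT` grants every pyruse installation a very broad capability (mounting, namespace changes and more), although per the commit title it is only needed for actions that run commands in a container through nsenter. The unit has no comment recording this, so a later hardening pass cannot tell whether the capability can be dropped; I would add `# CAP_SYS_ADMIN: needed by nsenter for actions that run commands inside a container; remove if no such action is configured` above the line. Consider keeping the shipped default at `CAP_SYS_CHROOT` and documenting a drop-in override for hosts that use container actions, since the service acts on journal content that other parties can presumably influence. The rest of the unit lies outside the hunk, so whether other settings such as `ProtectSystem=` or `SystemCallFilter=` offset the wider bounding set is not visible here.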