michael.heier/jellyfin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert some hardening that breaks LXC

Browse Source 
For each of these, we should be OK since we run as an unprivileged user
anyways.
This commit is contained in:
Joshua M. Boniface 2021-12-12 16:57:35 -05:00
parent 2c6d6dbbf8
commit 9a2b88cb1f
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
debian/jellyfin.service vendored
View File

@ -13,17 +13,17 @@ TimeoutSec = 15
NoNewPrivileges=true
SystemCallArchitectures=native
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=true
RestrictNamespaces=false
RestrictRealtime=true
RestrictSUIDSGID=true
ProtectClock=true
ProtectControlGroups=true
ProtectControlGroups=false
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectKernelLogs=false
ProtectKernelModules=false
ProtectKernelTunables=false
LockPersonality=true
PrivateTmp=true
PrivateTmp=false
PrivateDevices=false
PrivateUsers=true
RemoveIPC=true