From c0cd6de4f7519ad07dab536700cd9ab89ca86ea6 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Thu, 13 Feb 2020 11:42:21 -0500 Subject: [PATCH] Remove PrivateDevices from unit file PrivateDevices breaks pam_unix, for some reason. Remove this protection. We still have DevicePolicy closed and running as non-root, so this should still be relatively safe.i --- confluent_server/systemd/confluent.service | 1 - 1 file changed, 1 deletion(-) diff --git a/confluent_server/systemd/confluent.service b/confluent_server/systemd/confluent.service index c9d2d800..1f856701 100644 --- a/confluent_server/systemd/confluent.service +++ b/confluent_server/systemd/confluent.service @@ -18,7 +18,6 @@ AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID CAP_CHOWN User=confluent Group=confluent DevicePolicy=closed -PrivateDevices=true ProtectControlGroups=true ProtectSystem=true