xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-25 02:52:07 +00:00
Code Issues Projects Releases Wiki Activity

Remove PrivateDevices from unit file

Browse Source 
PrivateDevices breaks pam_unix, for some reason.  Remove this
protection.  We still have DevicePolicy closed and running as non-root,
so this should still be relatively safe.i
This commit is contained in:
Jarrod Johnson 2020-02-13 11:42:21 -05:00
parent 4437e81e04
commit c0cd6de4f7
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
confluent_server/systemd/confluent.service
View File

@ -18,7 +18,6 @@ AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID CAP_CHOWN
User=confluent
Group=confluent
DevicePolicy=closed
PrivateDevices=true
ProtectControlGroups=true
ProtectSystem=true