danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

BindPaths -> ReadWritePaths for all systemd services

Browse Source
This commit is contained in:
Daniel Winzen
2020-01-05 19:31:52 +01:00
parent d7c886bb54
commit 930052fe1e
3 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
etc/systemd/system/mariadb.service.d/custom.conf
View File

@ -11,8 +11,8 @@ ProtectKernelModules=true
ProtectControlGroups=true ProtectControlGroups=true
LockPersonality=true LockPersonality=true
SystemCallArchitectures=native SystemCallArchitectures=native
BindPaths=-/var/log/mysql/ ReadWritePaths=-/var/log/mysql/
BindPaths=-/var/lib/mysql/ ReadWritePaths=-/var/lib/mysql/
BindPaths=-/var/run/mysqld/ ReadWritePaths=-/var/run/mysqld/
BindPaths=-/run/mysqld/ ReadWritePaths=-/run/mysqld/
InaccessiblePaths=/var/www/ InaccessiblePaths=/var/www/

6
etc/systemd/system/postfix.service.d/custom.conf
View File

@ -9,6 +9,6 @@ ProtectControlGroups=true
LockPersonality=true LockPersonality=true
MemoryDenyWriteExecute=true MemoryDenyWriteExecute=true
SystemCallArchitectures=native SystemCallArchitectures=native
BindPaths=/var/spool/ ReadWritePaths=-/var/spool/
BindPaths=/var/lib/postfix/ ReadWritePaths=-/var/lib/postfix/
InaccessiblePaths=/var/www/ InaccessiblePaths=-/var/www/

6
etc/systemd/system/postfix@.service.d/custom.conf
View File

@ -9,6 +9,6 @@ ProtectControlGroups=true
LockPersonality=true LockPersonality=true
MemoryDenyWriteExecute=true MemoryDenyWriteExecute=true
SystemCallArchitectures=native SystemCallArchitectures=native
BindPaths=/var/spool/ ReadWritePaths=-/var/spool/
BindPaths=/var/lib/ ReadWritePaths=-/var/lib/
InaccessiblePaths=/var/www/ InaccessiblePaths=-/var/www/