Revert some hardening that breaks LXC

For each of these, we should be OK since we run as an unprivileged user
anyways.
Joshua M. Boniface 3 years ago
parent
current commit
9a2b88cb1f
1 file changed, with 6 additions and 6 deletions

+ 6 - 6
debian/jellyfin.service

@@ -13,17 +13,17 @@ TimeoutSec = 15
 NoNewPrivileges=true
 SystemCallArchitectures=native
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-RestrictNamespaces=true
+RestrictNamespaces=false
 RestrictRealtime=true
 RestrictSUIDSGID=true
 ProtectClock=true
-ProtectControlGroups=true
+ProtectControlGroups=false
 ProtectHostname=true
-ProtectKernelLogs=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
+ProtectKernelLogs=false
+ProtectKernelModules=false
+ProtectKernelTunables=false
 LockPersonality=true
-PrivateTmp=true
+PrivateTmp=false
 PrivateDevices=false
 PrivateUsers=true
 RemoveIPC=true
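
Review bot: The six directives flipped to false in this hunk (RestrictNamespaces, ProtectControlGroups, ProtectKernelLogs, ProtectKernelModules, ProtectKernelTunables, PrivateTmp) are relaxed for every install of debian/jellyfin.service, not only for LXC guests, and the unit file gets no comment saying why. The commit message's rationale of running as an unprivileged user fits the ProtectKernel* settings best; PrivateTmp=false and RestrictNamespaces=false are less clearly covered by it, because a shared /tmp is exposed to other local users regardless of the service's UID and namespace creation can be available to non-root processes. Consider keeping the hardened values as the packaged default and documenting a drop-in override for LXC that sets only the directives that actually fail there, or at minimum add a comment above each changed line naming the LXC failure it works around so the settings can be tightened again later.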