Smalyshev closed this task as "Resolved". Smalyshev claimed this task. Smalyshev added a comment. |
We have this config in systemd right now:
PrivateDevices=yes ProtectSystem=full ProtectHome=yes NoNewPrivileges=yes RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
ReadOnlyDirectories=/ # data storage ReadWriteDirectories=/srv/wdqs # logs ReadWriteDirectories=/var/log/wdqs # already protected by PrivateTmp ReadWriteDirectories=/tmp /var/tmp
I think this can be closed. If there's more needed, please reopen and describe what is missing.
TASK DETAIL
EMAIL PREFERENCES
To: Smalyshev
Cc: JanZerebecki, Smalyshev, Aklapper, csteipp, ET4Eva, Nandana, Lahi, Gq86, Darkminds3113, Lucas_Werkmeister_WMDE, GoranSMilovanovic, QZanden, EBjune, merbst, LawExplorer, Avner, Gehel, _jensen, D3r1ck01, Jonas, FloNight, Xmlizer, jkroll, Wikidata-bugs, Jdouglas, aude, Tobias1984, Manybubbles, Mbch331
Cc: JanZerebecki, Smalyshev, Aklapper, csteipp, ET4Eva, Nandana, Lahi, Gq86, Darkminds3113, Lucas_Werkmeister_WMDE, GoranSMilovanovic, QZanden, EBjune, merbst, LawExplorer, Avner, Gehel, _jensen, D3r1ck01, Jonas, FloNight, Xmlizer, jkroll, Wikidata-bugs, Jdouglas, aude, Tobias1984, Manybubbles, Mbch331
_______________________________________________ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs