From fd3fafa50caf0dcbe695d28b48198a1e2bf810bd Mon Sep 17 00:00:00 2001
From: magikstm
Date: Sat, 3 Feb 2018 13:13:23 -0500
Subject: [PATCH] Disable PrivateDevices in systemd as it doesn't work for some devices (#1990)

---
 dist/init/linux-systemd/caddy.service | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dist/init/linux-systemd/caddy.service b/dist/init/linux-systemd/caddy.service
index 649ec9556..61b70b1f3 100644
--- a/dist/init/linux-systemd/caddy.service
+++ b/dist/init/linux-systemd/caddy.service
@@ -30,8 +30,8 @@ LimitNPROC=512
 
 ; Use private /tmp and /var/tmp, which are discarded after caddy stops.
 PrivateTmp=true
-; Use a minimal /dev
-PrivateDevices=true
+; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.)
+PrivateDevices=false
 ; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
 ProtectHome=true
 ; Make /usr, /boot, /etc and possibly some more folders read-only.
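Review bot: `PrivateDevices=false` in the shipped unit drops the private /dev for every installation, not only for the devices where it fails, and the new comment still opens with "Use a minimal /dev", which is the opposite of what the line now does. I would keep `PrivateDevices=true` as the default and document a drop-in override for affected boards (`systemctl edit caddy`, then `PrivateDevices=false` under `[Service]`). If the default has to stay off, reword the comment to something like `; PrivateDevices=true would give caddy a minimal /dev; disabled by default because it fails on some devices (e.g. Raspberry Pi). Set to true where it works.` so operators read it as a hardening option to turn back on. The unit's service section continues outside this hunk, so I cannot tell whether another device restriction compensates for the change.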