github-mirror/caddy
2
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-02-02 13:15:04 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Disable PrivateDevices in systemd as it doesn't work for some devices (#1990)

Browse Source
This commit is contained in:
magikstm 2018-02-03 13:13:23 -05:00 committed by Matt Holt
parent e20779e405
commit fd3fafa50c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dist/init/linux-systemd/caddy.service vendored
View File

@ -30,8 +30,8 @@ LimitNPROC=512
; Use private /tmp and /var/tmp, which are discarded after caddy stops. ; Use private /tmp and /var/tmp, which are discarded after caddy stops.
PrivateTmp=true PrivateTmp=true
; Use a minimal /dev ; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.)
PrivateDevices=true PrivateDevices=false
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys. ; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
ProtectHome=true ProtectHome=true
; Make /usr, /boot, /etc and possibly some more folders read-only. ; Make /usr, /boot, /etc and possibly some more folders read-only.