1
0
mirror of https://github.com/ArcticFoxes-net/Synapse-Ubuntu-ZFS synced 2024-11-18 08:21:34 -05:00
Synapse-Ubuntu-ZFS/etc/systemd/system/matrix-synapse.service.d/override.conf

33 lines
890 B
Plaintext
Raw Normal View History

2023-08-25 16:17:37 -04:00
[Service]
2023-09-08 17:38:07 -04:00
User=matrix-synapse
Group=matrix-synapse
ExecStartPost=/usr/bin/chgrp matrix-synapse-socket /var/lib/matrix-synapse/matrix-synapse.sock
2023-08-25 16:17:37 -04:00
# The following directives give the synapse service R/W access to:
# - /var/lib/matrix-synapse
# - /var/log/matrix-synapse
StateDirectory=matrix-synapse
LogsDirectory=matrix-synapse
######################
## Security Sandbox ##
######################
# Make sure that the service has its own unshared tmpfs at /tmp and that it
# cannot see or change any real devices
PrivateTmp=true
PrivateDevices=true
# We give no capabilities to a service by default
#CapabilityBoundingSet=
#AmbientCapabilities=
# Protect the following from modification:
# - The entire filesystem
# - sysctl settings and loaded kernel modules
# - No modifications allowed to Control Groups
# - Hostname
# - System Clock
ProtectSystem=strict
2023-09-08 17:38:07 -04:00
ProtectKernelTunables=true