mirror of
https://github.com/ArcticFoxes-net/Synapse-Ubuntu-ZFS
synced 2024-11-14 22:51:33 -05:00
33 lines
890 B
Plaintext
33 lines
890 B
Plaintext
[Service]
|
|
User=matrix-synapse
|
|
Group=matrix-synapse
|
|
ExecStartPost=/usr/bin/chgrp matrix-synapse-socket /var/lib/matrix-synapse/matrix-synapse.sock
|
|
|
|
# The following directives give the synapse service R/W access to:
|
|
# - /var/lib/matrix-synapse
|
|
# - /var/log/matrix-synapse
|
|
|
|
StateDirectory=matrix-synapse
|
|
LogsDirectory=matrix-synapse
|
|
|
|
######################
|
|
## Security Sandbox ##
|
|
######################
|
|
|
|
# Make sure that the service has its own unshared tmpfs at /tmp and that it
|
|
# cannot see or change any real devices
|
|
PrivateTmp=true
|
|
PrivateDevices=true
|
|
|
|
# We give no capabilities to a service by default
|
|
#CapabilityBoundingSet=
|
|
#AmbientCapabilities=
|
|
|
|
# Protect the following from modification:
|
|
# - The entire filesystem
|
|
# - sysctl settings and loaded kernel modules
|
|
# - No modifications allowed to Control Groups
|
|
# - Hostname
|
|
# - System Clock
|
|
ProtectSystem=strict
|
|
ProtectKernelTunables=true |