1
0
mirror of https://github.com/ArcticFoxes-net/Synapse-Ubuntu-ZFS synced 2024-11-14 22:51:33 -05:00
Synapse-Ubuntu-ZFS/etc/systemd/system/matrix-synapse.service.d/override.conf
2023-09-08 14:38:07 -07:00

33 lines
890 B
Plaintext

[Service]
User=matrix-synapse
Group=matrix-synapse
ExecStartPost=/usr/bin/chgrp matrix-synapse-socket /var/lib/matrix-synapse/matrix-synapse.sock
# The following directives give the synapse service R/W access to:
# - /var/lib/matrix-synapse
# - /var/log/matrix-synapse
StateDirectory=matrix-synapse
LogsDirectory=matrix-synapse
######################
## Security Sandbox ##
######################
# Make sure that the service has its own unshared tmpfs at /tmp and that it
# cannot see or change any real devices
PrivateTmp=true
PrivateDevices=true
# We give no capabilities to a service by default
#CapabilityBoundingSet=
#AmbientCapabilities=
# Protect the following from modification:
# - The entire filesystem
# - sysctl settings and loaded kernel modules
# - No modifications allowed to Control Groups
# - Hostname
# - System Clock
ProtectSystem=strict
ProtectKernelTunables=true