diff options
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | debian/netdata.service | 7 |
2 files changed, 9 insertions, 5 deletions
diff --git a/debian/changelog b/debian/changelog index c9a996ac..b20f03a5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +netdata (1.5.0+dfsg-5) UNRELEASED; urgency=medium + + * Make all of /var writeable avoiding any other MTA problems + * Add CAP_SETUID permission for the service + + -- Lennart Weller <lhw@ring0.de> Mon, 06 Mar 2017 14:24:59 +0100 + netdata (1.5.0+dfsg-4) unstable; urgency=medium * Update service unit configuration (Closes: #856412) diff --git a/debian/netdata.service b/debian/netdata.service index 08eaff16..56aaeb33 100644 --- a/debian/netdata.service +++ b/debian/netdata.service @@ -32,17 +32,14 @@ WorkingDirectory=/tmp NoNewPrivileges=false PermissionsStartOnly=true # CAP_SETGID is required for setgroups() -CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID +CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID PrivateTmp=true ProtectHome=read-only ProtectSystem=full ReadOnlyDirectories=/ ReadWriteDirectories=/proc/self -ReadWriteDirectories=/var/lib/netdata -ReadWriteDirectories=/var/log/netdata -ReadWriteDirectories=/var/cache/netdata -ReadWriteDirectories=-/var/spool/postfix +ReadWriteDirectories=/var # Access to devices and kernel modules and tunables is required PrivateDevices=no |