summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--debian/changelog7
-rw-r--r--debian/netdata.service7
2 files changed, 9 insertions, 5 deletions
diff --git a/debian/changelog b/debian/changelog
index c9a996ac..b20f03a5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+netdata (1.5.0+dfsg-5) UNRELEASED; urgency=medium
+
+ * Make all of /var writeable avoiding any other MTA problems
+ * Add CAP_SETUID permission for the service
+
+ -- Lennart Weller <lhw@ring0.de> Mon, 06 Mar 2017 14:24:59 +0100
+
netdata (1.5.0+dfsg-4) unstable; urgency=medium
* Update service unit configuration (Closes: #856412)
diff --git a/debian/netdata.service b/debian/netdata.service
index 08eaff16..56aaeb33 100644
--- a/debian/netdata.service
+++ b/debian/netdata.service
@@ -32,17 +32,14 @@ WorkingDirectory=/tmp
NoNewPrivileges=false
PermissionsStartOnly=true
# CAP_SETGID is required for setgroups()
-CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID
PrivateTmp=true
ProtectHome=read-only
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=/proc/self
-ReadWriteDirectories=/var/lib/netdata
-ReadWriteDirectories=/var/log/netdata
-ReadWriteDirectories=/var/cache/netdata
-ReadWriteDirectories=-/var/spool/postfix
+ReadWriteDirectories=/var
# Access to devices and kernel modules and tunables is required
PrivateDevices=no