Diffstat (limited to 'debian/netdata.service')
-rw-r--r--debian/netdata.service7
1 files changed, 2 insertions, 5 deletions
diff --git a/debian/netdata.service b/debian/netdata.service
index 08eaff167..56aaeb333 100644
--- a/debian/netdata.service
+++ b/debian/netdata.service
@@ -32,17 +32,14 @@ WorkingDirectory=/tmp
NoNewPrivileges=false
PermissionsStartOnly=true
# CAP_SETGID is required for setgroups()
-CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID
PrivateTmp=true
ProtectHome=read-only
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=/proc/self
-ReadWriteDirectories=/var/lib/netdata
-ReadWriteDirectories=/var/log/netdata
-ReadWriteDirectories=/var/cache/netdata
-ReadWriteDirectories=-/var/spool/postfix
+ReadWriteDirectories=/var
# Access to devices and kernel modules and tunables is required
PrivateDevices=no
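Review bot: `ReadWriteDirectories=/var` replaces four narrowly scoped writable paths with write access to the whole of /var, so a compromised or misbehaving agent could modify other services' state, spool and log data that the previous list kept read-only. If one more location is needed, keeping the four existing lines and adding only that path, e.g. `ReadWriteDirectories=-/var/<needed-subdir>` (placeholder), preserves the sandbox. The bounding set also gains CAP_SETUID while `NoNewPrivileges=false` stays in place, and the comment above it still explains only CAP_SETGID; a line such as `# CAP_SETUID is required for <reason>` would record why the extra capability is justified. The unit file continues outside this hunk, so a `User=` setting or other restrictions that narrow the effect are not visible here.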