Diffstat (limited to 'debian/netdata.service')
-rw-r--r-- | debian/netdata.service | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/debian/netdata.service b/debian/netdata.service
index 08eaff167..56aaeb333 100644
--- a/debian/netdata.service
+++ b/debian/netdata.service
@@ -32,17 +32,14 @@ WorkingDirectory=/tmp
 NoNewPrivileges=false
 PermissionsStartOnly=true
 # CAP_SETGID is required for setgroups()
-CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SETGID CAP_SETUID
 PrivateTmp=true
 ProtectHome=read-only
 ProtectSystem=full
 ReadOnlyDirectories=/
 ReadWriteDirectories=/proc/self
-ReadWriteDirectories=/var/lib/netdata
-ReadWriteDirectories=/var/log/netdata
-ReadWriteDirectories=/var/cache/netdata
-ReadWriteDirectories=-/var/spool/postfix
+ReadWriteDirectories=/var
 # Access to devices and kernel modules and tunables is required
 PrivateDevices=no |
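Review bot: `ReadWriteDirectories=/var` makes the whole of /var writable inside the unit's mount namespace, where the removed lines limited writes to netdata's own lib, log and cache directories plus the optional postfix spool. File ownership still applies, but the read-only mount was the second layer of protection for a daemon that keeps CAP_DAC_READ_SEARCH and CAP_SYS_PTRACE in its bounding set, so I would keep the explicit list and add only the path that needed write access, e.g. `ReadWriteDirectories=-<path that needed write access>`. The same hunk adds CAP_SETUID to `CapabilityBoundingSet` while the comment above it still explains only CAP_SETGID, and `NoNewPrivileges=false` remains set; a comment such as `# CAP_SETUID is required for <reason>` would let a reader judge whether the capability is needed. The [Service] section starts and ends outside the hunk.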