DynamicUser and python don't mix, apply by hand instead

author Tollef Fog Heen <tfheen@err.no>

Sat, 30 Sep 2017 19:44:15 +0000 (21:44 +0200)

committer Tollef Fog Heen <tfheen@err.no>

Sat, 30 Sep 2017 19:44:15 +0000 (21:44 +0200)
author Tollef Fog Heen <tfheen@err.no>
Sat, 30 Sep 2017 19:44:15 +0000 (21:44 +0200)
committer Tollef Fog Heen <tfheen@err.no>
Sat, 30 Sep 2017 19:44:15 +0000 (21:44 +0200)
diff --git a/modules/roles/templates/mirror-health.service.erb b/modules/roles/templates/mirror-health.service.erb

index 6158951..badcd33 100644 (file)
--- a/modules/roles/templates/mirror-health.service.erb
+++ b/modules/roles/templates/mirror-health.service.erb
@@ -9,7 +9,11 @@ Description=Mirror health checking <%= @healthcheck_service %>
  [Service]
  ExecStart=/usr/local/sbin/mirror-health
  RuntimeDirectory=dsa-mirror-health-<%= @healthcheck_service %>
-DynamicUser=true
+ProtectSystem=full
+ProtectHome=read-only
+PrivateTmp=true
+User=nobody
+Group=nogroup
  
  Environment="MIRROR_CHECK_SERVICE=<%= @check_service %>"
  Environment="MIRROR_CHECK_URL=<%= @url %>"
author	Tollef Fog Heen <tfheen@err.no>
	Sat, 30 Sep 2017 19:44:15 +0000 (21:44 +0200)
committer	Tollef Fog Heen <tfheen@err.no>
	Sat, 30 Sep 2017 19:44:15 +0000 (21:44 +0200)