From 5c905360373d259a25c0e14e669d2d2f0843c78e Mon Sep 17 00:00:00 2001
From: Tollef Fog Heen
Date: Sat, 30 Sep 2017 21:44:15 +0200
Subject: [PATCH] DynamicUser and python don't mix, apply by hand instead

It seems like importing site fails for python with a dynamic user, so set the same settings and run as nobody instead.
---
 modules/roles/templates/mirror-health.service.erb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/roles/templates/mirror-health.service.erb b/modules/roles/templates/mirror-health.service.erb
index 6158951bf..badcd33dc 100644
--- a/modules/roles/templates/mirror-health.service.erb
+++ b/modules/roles/templates/mirror-health.service.erb
@@ -9,7 +9,11 @@ Description=Mirror health checking <%= @healthcheck_service %>
 [Service]
 ExecStart=/usr/local/sbin/mirror-health
 RuntimeDirectory=dsa-mirror-health-<%= @healthcheck_service %>
-DynamicUser=true
+ProtectSystem=full
+ProtectHome=read-only
+PrivateTmp=true
+User=nobody
+Group=nogroup
 Environment="MIRROR_CHECK_SERVICE=<%= @check_service %>"
 Environment="MIRROR_CHECK_URL=<%= @url %>"
-- 
2.20.1
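Review bot: The hand-applied settings in the `[Service]` section are weaker than what `DynamicUser=true` provided: systemd documents that option as implying `ProtectSystem=strict`, `NoNewPrivileges=` and `RemoveIPC=`, while the added lines use `ProtectSystem=full` and set neither of the other two. If the health check only writes under its `RuntimeDirectory=`, consider `ProtectSystem=strict` plus `NoNewPrivileges=true` and `RemoveIPC=true`; the exact implied set depends on the systemd version deployed, so check it against the hosts' systemd.exec man page. `User=nobody` is also shared by every instance of this template and by anything else on the host that runs as nobody, so those processes can signal each other and touch each other's runtime directories. A dedicated system account for the checker would restore the isolation that the dynamic user gave.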