Downgrade the level of sandboxing to prevent confusion
Strict sandboxing enabled by default caused issues for users running
appservices: https://github.com/matrix-org/synapse/issues/9327
It’s best to leave it enabled but relax a bit and let users opt in
for stricter protection if they wish.
Andrej Shadura
3 years ago
21 | 21 | PrivateDevices=yes |
22 | 22 | PrivateTmp=yes |
23 | 23 | ProtectControlGroups=yes |
24 | ProtectHome=yes | |
24 | ProtectHome=read-only | |
25 | 25 | ProtectKernelLogs=yes |
26 | 26 | ProtectKernelModules=yes |
27 | 27 | ProtectKernelTunables=yes |
28 | ProtectSystem=strict | |
28 | ProtectSystem=yes | |
29 | 29 | RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 |
30 | 30 | RestrictRealtime=yes |
31 | 31 | StateDirectory=matrix-synapse |