Commit 37be4c07aa3edc53318652a664e6d9d283c9c64b - matrix-synapse

Downgrade the level of sandboxing to prevent confusion Strict sandboxing enabled by default caused issues for users running appservices: https://github.com/matrix-org/synapse/issues/9327 It’s best to leave it enabled but relax a bit and let users opt in for stricter protection if they wish. Andrej Shadura 3 years ago

1 changed file(s) with 2 addition(s) and 2 deletion(s). Raw diff Collapse all Expand all

-2

debian/matrix-synapse.service less more

21	21	PrivateDevices=yes
22	22	PrivateTmp=yes
23	23	ProtectControlGroups=yes
24		ProtectHome=yes
	24	ProtectHome=read-only
25	25	ProtectKernelLogs=yes
26	26	ProtectKernelModules=yes
27	27	ProtectKernelTunables=yes
28		ProtectSystem=strict
	28	ProtectSystem=yes
29	29	RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
30	30	RestrictRealtime=yes
31	31	StateDirectory=matrix-synapse