Disable network because tar file is pushed from Microbel separately
This commit is contained in:
parent
906f2d5594
commit
de90a8e827
@ -70,7 +70,7 @@ in {
|
||||
MemoryDenyWriteExecute = true;
|
||||
NoNewPrivileges = true; # disable for third party rotate scripts
|
||||
PrivateDevices = true;
|
||||
#PrivateNetwork = true; # disable for mail delivery
|
||||
PrivateNetwork = true; # disable for mail delivery
|
||||
PrivateTmp = true;
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
@ -84,7 +84,7 @@ in {
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true; # disable for creating setgid directories
|
||||
#SocketBindDeny = [ "any" ];
|
||||
SocketBindDeny = [ "any" ];
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
|
Loading…
Reference in New Issue
Block a user