Disable network because tar file is pushed from Microbel separately

Alf Helge Jakobsen 2024-11-09 21:58:38 +01:00
parent 906f2d5594
commit de90a8e827


@ -70,7 +70,7 @@ in {
MemoryDenyWriteExecute = true;
NoNewPrivileges = true; # disable for third party rotate scripts
PrivateDevices = true;
#PrivateNetwork = true; # disable for mail delivery
PrivateNetwork = true; # disable for mail delivery
PrivateTmp = true;
ProtectClock = true;
ProtectControlGroups = true;
@ -84,7 +84,7 @@ in {
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true; # disable for creating setgid directories
#SocketBindDeny = [ "any" ];
SocketBindDeny = [ "any" ];
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
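Review bot: The re-enabled `PrivateNetwork = true;` in the first hunk is the only setting visible here that blocks outbound traffic, and systemd documents it as best-effort on hosts where network namespaces are unavailable. `SocketBindDeny = [ "any" ];` in the second hunk restricts bind() only, not connect(). If the unit no longer needs any network, consider adding `IPAddressDeny = "any";` beside it, and check whether `RestrictAddressFamilies` is set in the lines between the two hunks, which are not shown. The reason it is now safe to enable these settings is recorded only in the commit message; a comment such as `# no network needed: tar file is pushed to this host separately` above `PrivateNetwork` would keep that with the code.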