Projects/muscl
12
3
Fork 0
Code Issues 76 Pull Requests Actions Packages Releases Activity

assets/systemd: remove landlock instructions from seccomp filter by default

Browse Source
This commit is contained in:
Oystein Kristoffer Tveit
2025-12-02 13:49:36 +09:00
parent 3e46d6f541
commit 9f9e1ce504
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
assets/systemd/muscl.service
View File

@@ -51,6 +51,10 @@ RestrictRealtime=true
RestrictSUIDSGID=true
SocketBindDeny=any
SystemCallArchitectures=native
SystemCallFilter=@system-service @sandbox
SystemCallFilter=@system-service
# This is needed for landlock
# SystemCallFilter=@sandbox
SystemCallFilter=~@privileged @resources
UMask=0777