sd/synth.download
2
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

NoNewPrivileges on most containers. drop all caps on a few others

Browse source
This commit is contained in:
zenfyr 2026-01-11 14:11:56 +07:00
commit b3e4af5aca
Signed by: melontini
SSH key fingerprint: SHA256:TtcIcnTnoAB5mqHofsaOxIgiMzfVBxej1AXT7DQdrTE
36 changed files with 80 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
beeper/etc/containers/systemd/mastodon/mastodon-dfdb.container
View file

@ -17,6 +17,8 @@ HealthCmd=redis-cli ping
HealthOnFailure=kill
HealthStartPeriod=10s
Notify=healthy
# Security
NoNewPrivileges=true
[Service]
Restart=always

2
beeper/etc/containers/systemd/mastodon/mastodon-ingress.container
View file

@ -10,6 +10,8 @@ EnvironmentFile=/etc/containers/systemd/mastodon/.env.secrets
EnvironmentFile=/etc/containers/systemd/mastodon/.env
Network=mastodon.network
Network=postgresql.network
# Security
NoNewPrivileges=true
[Service]
Restart=always

2
beeper/etc/containers/systemd/mastodon/mastodon-sidekiq.container
View file

@ -17,6 +17,8 @@ HealthCmd=ps aux | grep '[s]idekiq\ 8' || false
HealthOnFailure=kill
HealthStartPeriod=1m
Notify=healthy
# Security
NoNewPrivileges=true
[Service]
Restart=always

2
beeper/etc/containers/systemd/mastodon/mastodon-streaming.container
View file

@ -17,6 +17,8 @@ HealthCmd=curl -s --noproxy localhost localhost:4000/api/v1/streaming/health | g
HealthOnFailure=kill
HealthStartPeriod=1m
Notify=healthy
# Security
NoNewPrivileges=true
[Service]
Restart=always

2
beeper/etc/containers/systemd/mastodon/mastodon-web.container
View file

@ -20,6 +20,8 @@ HealthCmd=curl -s --noproxy localhost localhost:3000/health | grep -q 'OK' || ex
HealthOnFailure=kill
HealthStartPeriod=1m
Notify=healthy
# Security
NoNewPrivileges=true
[Service]
Restart=always