jnd/beszel-ipv6
1
0
Fork 0
mirror of https://github.com/henrygd/beszel.git synced 2025-12-16 18:26:16 +01:00
Code Issues Packages Projects Releases 2 Wiki Activity

remove NoNewPrivileges from systemd agent service

Browse Source 
configuration (#1203)

Prevents service from running `intel_gpu_top`
This commit is contained in:
henrygd
2025-09-25 15:06:17 -04:00
parent 4b43d68da6
commit d83865cb4f
2 changed files with 0 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
supplemental/debian/beszel-agent.service
View File

@@ -15,8 +15,6 @@ StateDirectory=beszel-agent
# Security/sandboxing settings # Security/sandboxing settings
KeyringMode=private KeyringMode=private
LockPersonality=yes LockPersonality=yes
NoNewPrivileges=yes
PrivateTmp=yes
ProtectClock=yes ProtectClock=yes
ProtectHome=read-only ProtectHome=read-only
ProtectHostname=yes ProtectHostname=yes
@@ -24,7 +22,6 @@ ProtectKernelLogs=yes
ProtectSystem=strict ProtectSystem=strict
RemoveIPC=yes RemoveIPC=yes
RestrictSUIDSGID=true RestrictSUIDSGID=true
SystemCallArchitectures=native
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

1
supplemental/scripts/install-agent.sh
View File

@@ -920,7 +920,6 @@ StateDirectory=beszel-agent
# Security/sandboxing settings # Security/sandboxing settings
KeyringMode=private KeyringMode=private
LockPersonality=yes LockPersonality=yes
NoNewPrivileges=yes
ProtectClock=yes ProtectClock=yes
ProtectHome=read-only ProtectHome=read-only
ProtectHostname=yes ProtectHostname=yes