templates/systemd/mastodon: optimize SystemCallFilters (#16127)

2021-04-27 21:34:53 +03:00 · 2021-04-27 21:34:53 +03:00 · 7da104eb11
commit 7da104eb11
parent 0bc909687a
2 changed files with 2 additions and 2 deletions
--- a/dist/mastodon-sidekiq.service
+++ b/dist/mastodon-sidekiq.service
@ -38,7 +38,7 @@ PrivateMounts=true
 ProtectClock=true
 # System Call Filtering
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap

 [Install]
 WantedBy=multi-user.target
--- a/dist/mastodon-web.service
+++ b/dist/mastodon-web.service
@ -38,7 +38,7 @@ PrivateMounts=true
 ProtectClock=true
 # System Call Filtering
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @resources @setuid @swap

 [Install]
 WantedBy=multi-user.target