author | CLanguagePurist | 2022-07-16 06:58:56 -0600 |
---|---|---|
committer | GitHub | 2022-07-16 14:58:56 +0200 |
commit | 6247a1dd5d4f9b103feb7b3fd71463bc66f5c288 (patch) | |
tree | efacc0ce1d81f264e9783331f3914dba5f4553a5 /contrib | |
parent | ce8e06f9f30f0ff3800d0d8da3c7d3044c71c64a (diff) |
Comment on PrivateUsers option for gitea.service (#20383)
* Comment on PrivateUsers option for gitea.service
A user happens to encounter an issue where PrivateUsers sandboxed Gitea.service and it effectively stopped systemd from applying capabilities for that gitea.service. I am opening this PR to provide comments on PrivateUsers, effectively a tiny bit of FAQ information for end users.
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/systemd/gitea.service | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/contrib/systemd/gitea.service b/contrib/systemd/gitea.service index d6a4377ec..79c34564b 100644 --- a/contrib/systemd/gitea.service +++ b/contrib/systemd/gitea.service @@ -78,6 +78,13 @@ Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea #CapabilityBoundingSet=CAP_NET_BIND_SERVICE #AmbientCapabilities=CAP_NET_BIND_SERVICE ### +# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to +# set the following value to false to allow capabilities to be applied on gitea process. The following +# value if set to true sandboxes gitea service and prevent any processes from running with privileges +# in the host user namespace. +### +#PrivateUsers=false +### [Install] WantedBy=multi-user.target |
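Review bot: The comment added above `#PrivateUsers=false` does not say where PrivateUsers would have been set to true, and nothing in the visible context of this unit sets it, so a reader cannot tell when uncommenting the line has any effect. Suggest naming the situation directly, for example that a drop-in or hardening override with PrivateUsers=true keeps the CAP_NET_BIND_SERVICE granted by the CapabilityBoundingSet and AmbientCapabilities lines just above from applying in the host user namespace, so binding a privileged port fails. It would also help to state the trade-off: setting the value to false gives up the user-namespace sandbox, so it should only be changed when those two capability options are actually in use. Two wording nits in the same block: "option" should be "options", and "sandboxes gitea service and prevent" should read "sandboxes the gitea service and prevents".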