]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/blogs/recipes/default.rb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add no_new_privilegese to some additional services
[chef.git] / cookbooks / blogs / recipes / default.rb
diff --git a/cookbooks/blogs/recipes/default.rb b/cookbooks/blogs/recipes/default.rb
index 681118f959f5dbcf1a56b8f1932cdc9f4f29e8b0..c4d425a5634151cecb93e54beb0169908c3feeae 100644 (file)
--- a/cookbooks/blogs/recipes/default.rb
+++ b/cookbooks/blogs/recipes/default.rb
@@ -87,6 +87,7 @@ systemd_service "blogs-update" do
   protect_system "strict"
   protect_home true
   read_write_paths "/srv/blogs.openstreetmap.org"
+  no_new_privileges true
 end
 
 systemd_timer "blogs-update" do
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.