Fix some sandboxing issued for the rails-jobs service

[chef.git] / cookbooks / dev / recipes / default.rb

diff --git a/cookbooks/dev/recipes/default.rb b/cookbooks/dev/recipes/default.rb
index 047a70d72115ea0ce1e9f67bd4bfa3b475f249f3..df10f428fee175ddd6293d2b7296b2960678cdf9 100644 (file)
--- a/cookbooks/dev/recipes/default.rb
+++ b/cookbooks/dev/recipes/default.rb
@@ -291,6 +291,8 @@ if node[:postgresql][:clusters][:"14/main"]
     restart "on-failure"
     nice 10
     sandbox :enable_network => true
+    restrict_address_families "AF_UNIX"
+    memory_deny_write_execute false
     read_write_paths "/srv/%i.apis.dev.openstreetmap.org/logs"
   end