Add private_devices to some additional services

diff --git a/cookbooks/otrs/recipes/default.rb b/cookbooks/otrs/recipes/default.rb
index a42e22eb055e5f340426d4bfb140ad3079250e6d..d124bf43a603b8af79a4e5c581a73dfc035f6064 100644 (file)
--- a/cookbooks/otrs/recipes/default.rb
+++ b/cookbooks/otrs/recipes/default.rb
@@ -119,6 +119,7 @@ systemd_service "otrs" do
   group "otrs"
   exec_start "/opt/otrs/bin/otrs.Daemon.pl start"
   private_tmp true
+  private_devices true
   protect_system "full"
   protect_home true
   read_write_paths "/var/log/exim4"

diff --git a/cookbooks/planet/recipes/dump.rb b/cookbooks/planet/recipes/dump.rb
index 345da75483cb7895c96f0859b85488e3331a5c9a..fdc9c7c4635f7d214700a8e1dc44d5add8309416 100644 (file)
--- a/cookbooks/planet/recipes/dump.rb
+++ b/cookbooks/planet/recipes/dump.rb
@@ -116,6 +116,7 @@ systemd_service "planetdump@" do
   exec_start "/usr/local/bin/planetdump %i"
   memory_max "64G"
   private_tmp true
+  private_devices true
   protect_system "full"
   protect_home true
   read_write_paths "/var/log/exim4"

diff --git a/cookbooks/prometheus/recipes/server.rb b/cookbooks/prometheus/recipes/server.rb
index 6414b4bba2facecf0d619c52cab91f2125ed7f7b..eff5a0fee331b5a5fcd8ccda14a39857888874a3 100644 (file)
--- a/cookbooks/prometheus/recipes/server.rb
+++ b/cookbooks/prometheus/recipes/server.rb
@@ -159,6 +159,7 @@ systemd_service "promscale" do
   exec_start "/opt/promscale/bin/promscale --db.uri postgresql:///promscale?host=/run/postgresql&port=5432 --db.connections-max 400"
   limit_nofile 16384
   private_tmp true
+  protect_devices true
   protect_system "strict"
   protect_home true
   no_new_privileges true