Relax sandboxing for the web-statistics service

author Tom Hughes <tom@compton.nu>

Thu, 24 Nov 2022 00:59:48 +0000 (00:59 +0000)

committer Tom Hughes <tom@compton.nu>

Thu, 24 Nov 2022 00:59:48 +0000 (00:59 +0000)
author Tom Hughes <tom@compton.nu>
Thu, 24 Nov 2022 00:59:48 +0000 (00:59 +0000)
committer Tom Hughes <tom@compton.nu>
Thu, 24 Nov 2022 00:59:48 +0000 (00:59 +0000)
diff --git a/cookbooks/web/recipes/statistics.rb b/cookbooks/web/recipes/statistics.rb

index 769cf5753a0637ba71e98eb5b652928555b29fa4..d3829f06c73815a839cb782c862717afd1277852 100644 (file)
--- a/cookbooks/web/recipes/statistics.rb
+++ b/cookbooks/web/recipes/statistics.rb
@@ -32,10 +32,13 @@ end
  
  systemd_service "web-statistics" do
    description "Generate web statistics"
-  exec_start "/usr/local/bin/statistics"
+  environment "RAILS_ENV" => "production"
    user "rails"
+  working_directory rails_directory
+  exec_start "/usr/local/bin/statistics"
    sandbox :enable_network => true
-  read_write_paths "#{rails_directory}/tmp"
+  memory_deny_write_execute false
+  read_write_paths ["#{rails_directory}/tmp", "/var/log/web"]
  end
  
  systemd_timer "web-statistics" do
author	Tom Hughes <tom@compton.nu>
	Thu, 24 Nov 2022 00:59:48 +0000 (00:59 +0000)
committer	Tom Hughes <tom@compton.nu>
	Thu, 24 Nov 2022 00:59:48 +0000 (00:59 +0000)