Fix some sandboxing issued for the rails-jobs service

author Tom Hughes <tom@compton.nu>

Tue, 15 Nov 2022 22:44:43 +0000 (22:44 +0000)

committer Tom Hughes <tom@compton.nu>

Tue, 15 Nov 2022 22:44:43 +0000 (22:44 +0000)
author Tom Hughes <tom@compton.nu>
Tue, 15 Nov 2022 22:44:43 +0000 (22:44 +0000)
committer Tom Hughes <tom@compton.nu>
Tue, 15 Nov 2022 22:44:43 +0000 (22:44 +0000)
diff --git a/cookbooks/dev/recipes/default.rb b/cookbooks/dev/recipes/default.rb

index 047a70d72115ea0ce1e9f67bd4bfa3b475f249f3..df10f428fee175ddd6293d2b7296b2960678cdf9 100644 (file)
--- a/cookbooks/dev/recipes/default.rb
+++ b/cookbooks/dev/recipes/default.rb
@@ -291,6 +291,8 @@ if node[:postgresql][:clusters][:"14/main"]
      restart "on-failure"
      nice 10
      sandbox :enable_network => true
+    restrict_address_families "AF_UNIX"
+    memory_deny_write_execute false
      read_write_paths "/srv/%i.apis.dev.openstreetmap.org/logs"
    end
author	Tom Hughes <tom@compton.nu>
	Tue, 15 Nov 2022 22:44:43 +0000 (22:44 +0000)
committer	Tom Hughes <tom@compton.nu>
	Tue, 15 Nov 2022 22:44:43 +0000 (22:44 +0000)