Drop private_devices for OTRS and planetdump that use exim

diff --git a/cookbooks/otrs/recipes/default.rb b/cookbooks/otrs/recipes/default.rb
index d124bf43a603b8af79a4e5c581a73dfc035f6064..0b391a62cc3479cede8e5b1bfcfe32d962e296eb 100644 (file)
--- a/cookbooks/otrs/recipes/default.rb
+++ b/cookbooks/otrs/recipes/default.rb
@@ -119,10 +119,9 @@ systemd_service "otrs" do
   group "otrs"
   exec_start "/opt/otrs/bin/otrs.Daemon.pl start"
   private_tmp true
-  private_devices true
-  protect_system "full"
+  protect_system "strict"
   protect_home true
-  read_write_paths "/var/log/exim4"
+  read_write_paths ["/opt/otrs-#{version}/var", "/var/log/exim4", "/var/spool/exim4"]
 end
 
 service "otrs" do

diff --git a/cookbooks/planet/recipes/dump.rb b/cookbooks/planet/recipes/dump.rb
index fdc9c7c4635f7d214700a8e1dc44d5add8309416..c7737bdb84a23576c70dfe1e9069e105409911e2 100644 (file)
--- a/cookbooks/planet/recipes/dump.rb
+++ b/cookbooks/planet/recipes/dump.rb
@@ -116,10 +116,9 @@ systemd_service "planetdump@" do
   exec_start "/usr/local/bin/planetdump %i"
   memory_max "64G"
   private_tmp true
-  private_devices true
-  protect_system "full"
+  protect_system "strict"
   protect_home true
-  read_write_paths "/var/log/exim4"
+  read_write_paths ["/var/log/exim4", "/var/spool/exim4"]
 end
 
 cron_d "planet-dump-mirror" do