Tweak some tile sandboxes

author Tom Hughes <tom@compton.nu>

Tue, 15 Nov 2022 20:35:01 +0000 (20:35 +0000)

committer Tom Hughes <tom@compton.nu>

Tue, 15 Nov 2022 20:35:01 +0000 (20:35 +0000)
author Tom Hughes <tom@compton.nu>
Tue, 15 Nov 2022 20:35:01 +0000 (20:35 +0000)
committer Tom Hughes <tom@compton.nu>
Tue, 15 Nov 2022 20:35:01 +0000 (20:35 +0000)
diff --git a/cookbooks/tile/recipes/default.rb b/cookbooks/tile/recipes/default.rb

index 02833254be291781adcf209fcf17dd2987da2906..963c3dd2f5b075e4485f4d453a354c264bbff3e6 100644 (file)
--- a/cookbooks/tile/recipes/default.rb
+++ b/cookbooks/tile/recipes/default.rb
@@ -106,6 +106,7 @@ systemd_service "renderd" do
    limit_nofile 4096
    sandbox true
    restrict_address_families "AF_UNIX"
+  read_write_paths "/store/tiles"
    restart "on-failure"
  end
  
@@ -608,6 +609,7 @@ systemd_service "replicate" do
    user "tile"
    exec_start "/usr/local/bin/replicate"
    sandbox :enable_network => true
+  restrict_address_families "AF_UNIX"
    read_write_paths [
      "/store/database/nodes",
      "/var/lib/replicate",
author	Tom Hughes <tom@compton.nu>
	Tue, 15 Nov 2022 20:35:01 +0000 (20:35 +0000)
committer	Tom Hughes <tom@compton.nu>
	Tue, 15 Nov 2022 20:35:01 +0000 (20:35 +0000)