From: Tom Hughes <tom@compton.nu>
Date: Thu, 24 Nov 2022 00:59:48 +0000 (+0000)
Subject: Relax sandboxing for the web-statistics service
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/0c0f44fd4a4d092b054e2612c03f4e203e2554ea

Relax sandboxing for the web-statistics service
---

diff --git a/cookbooks/web/recipes/statistics.rb b/cookbooks/web/recipes/statistics.rb
index 769cf5753..d3829f06c 100644
--- a/cookbooks/web/recipes/statistics.rb
+++ b/cookbooks/web/recipes/statistics.rb
@@ -32,10 +32,13 @@ end
 
 systemd_service "web-statistics" do
   description "Generate web statistics"
-  exec_start "/usr/local/bin/statistics"
+  environment "RAILS_ENV" => "production"
   user "rails"
+  working_directory rails_directory
+  exec_start "/usr/local/bin/statistics"
   sandbox :enable_network => true
-  read_write_paths "#{rails_directory}/tmp"
+  memory_deny_write_execute false
+  read_write_paths ["#{rails_directory}/tmp", "/var/log/web"]
 end
 
 systemd_timer "web-statistics" do