From: Tom Hughes <tom@compton.nu>
Date: Tue, 15 Nov 2022 22:44:43 +0000 (+0000)
Subject: Fix some sandboxing issued for the rails-jobs service
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/39fe35336a98e698c08dc27a0306f80d1d790a53?ds=sidebyside

Fix some sandboxing issued for the rails-jobs service
---

diff --git a/cookbooks/dev/recipes/default.rb b/cookbooks/dev/recipes/default.rb
index 047a70d72..df10f428f 100644
--- a/cookbooks/dev/recipes/default.rb
+++ b/cookbooks/dev/recipes/default.rb
@@ -291,6 +291,8 @@ if node[:postgresql][:clusters][:"14/main"]
     restart "on-failure"
     nice 10
     sandbox :enable_network => true
+    restrict_address_families "AF_UNIX"
+    memory_deny_write_execute false
     read_write_paths "/srv/%i.apis.dev.openstreetmap.org/logs"
   end