Comment on PrivateUsers option for gitea.service (#20383)
* Comment on PrivateUsers option for gitea.service

A user happened to encounter an issue where PrivateUsers sandboxed Gitea.service and it effectively stopped systemd from applying capabilities for that gitea.service. I am opening this PR to provide comments on PrivateUsers, effectively a tiny FAQ for end users.
parent ce8e06f9f3
commit 6247a1dd5d
1 changed files with 7 additions and 0 deletions
|
@ -78,6 +78,13 @@ Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
|
||||||
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||||
#AmbientCapabilities=CAP_NET_BIND_SERVICE
|
#AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
###
|
###
|
||||||
|
# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
|
||||||
|
# set the following value to false to allow capabilities to be applied on gitea process. The following
|
||||||
|
# value if set to true sandboxes gitea service and prevent any processes from running with privileges
|
||||||
|
# in the host user namespace.
|
||||||
|
###
|
||||||
|
#PrivateUsers=false
|
||||||
|
###
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
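Review bot: The added comment block above `#PrivateUsers=false` does not say when the setting matters, and the shipped value is the one systemd already uses by default for a system service, so uncommenting it changes nothing unless `PrivateUsers=true` comes from somewhere else, such as a drop-in; nothing in the visible context of this unit sets it. Consider replacing "In some cases" with the concrete symptom: with `PrivateUsers=true`, the capability granted by `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` and `AmbientCapabilities=CAP_NET_BIND_SERVICE` does not apply in the host user namespace, so the gitea process cannot use it there. It would also help to note that setting the value to false gives up the user-namespace isolation, so operators who only need a high port can leave the sandbox on. Minor wording: "prevent any processes" should read "prevents any processes", and "on gitea process" reads better as "to the gitea process".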