Comment on PrivateUsers option for gitea.service (#20383)
* Comment on PrivateUsers option for gitea.service A user happens to encounter an issue where PrivateUsers sandboxed Gitea.service and it effectively stop systemd from applying capabilities for that gitea.service. I am opening this PR to provide comments on PrivateUsers, effectively a tiny FAQ information for end-user.
This commit is contained in:
CLanguagePurist
GitHub
parent
ce8e06f9f3
commit
6247a1dd5d
1 changed files with 7 additions and 0 deletions
|
|
@ -78,6 +78,13 @@ Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
|
|||
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
#AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
###
|
||||
# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
|
||||
# set the following value to false to allow capabilities to be applied on gitea process. The following
|
||||
# value if set to true sandboxes gitea service and prevent any processes from running with privileges
|
||||
# in the host user namespace.
|
||||
###
|
||||
#PrivateUsers=false
|
||||
###
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
|||
Reference in a new issue