BBlack has submitted this change and it was merged. Change subject: add CAP_CHOWN to tlsproxy nginx caps ......................................................................
add CAP_CHOWN to tlsproxy nginx caps This is needed for setting up the /var/lib/nginx contents (which lives on a tmpfs) on a fresh reboot Change-Id: If1f06983c03c133f8f12de1393ec50e37368ee4a --- M modules/tlsproxy/files/nginx-security.conf 1 file changed, 1 insertion(+), 1 deletion(-) Approvals: BBlack: Verified; Looks good to me, approved diff --git a/modules/tlsproxy/files/nginx-security.conf b/modules/tlsproxy/files/nginx-security.conf index 2ee6092..6dd4c7e 100644 --- a/modules/tlsproxy/files/nginx-security.conf +++ b/modules/tlsproxy/files/nginx-security.conf @@ -3,5 +3,5 @@ PrivateDevices=true ProtectSystem=full ProtectHome=true -CapabilityBoundingSet=CAP_KILL CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_SYSLOG CAP_DAC_OVERRIDE CAP_SYS_NICE CAP_SYS_RESOURCE +CapabilityBoundingSet=CAP_KILL CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_SYSLOG CAP_CHOWN CAP_DAC_OVERRIDE CAP_SYS_NICE CAP_SYS_RESOURCE NoNewPrivileges=true -- To view, visit https://gerrit.wikimedia.org/r/281941 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: If1f06983c03c133f8f12de1393ec50e37368ee4a Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BBlack <[email protected]> Gerrit-Reviewer: BBlack <[email protected]> Gerrit-Reviewer: Ema <[email protected]> Gerrit-Reviewer: Muehlenhoff <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
