]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/dev/recipes/default.rb
Update SST CLI
[chef.git] / cookbooks / dev / recipes / default.rb
index 7ab10d8f47ed9af1ad5aadad1f0afc954e7ed40a..9ad37bfc9b30f57732011b0d1afc7162f0e7b9a6 100644 (file)
@@ -292,8 +292,9 @@ if node[:postgresql][:clusters][:"14/main"]
     nice 10
     private_tmp true
     private_devices true
-    protect_system "full"
+    protect_system "strict"
     protect_home true
+    read_write_paths "/srv/%i.apis.dev.openstreetmap.org/logs"
     no_new_privileges true
   end
 
@@ -306,8 +307,9 @@ if node[:postgresql][:clusters][:"14/main"]
     exec_reload "/bin/kill -HUP $MAINPID"
     private_tmp true
     private_devices true
-    protect_system "full"
+    protect_system "strict"
     protect_home true
+    read_write_paths ["/srv/%i.apis.dev.openstreetmap.org/logs", "/srv/%i.apis.dev.openstreetmap.org/rails/tmp"]
     no_new_privileges true
     restart "on-failure"
   end