X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/56a942ea84cee51da25283665b1e008b775bb020..66c8810de3626826ca758bf47b0def637254c97c:/cookbooks/squid/recipes/default.rb
diff --git a/cookbooks/squid/recipes/default.rb b/cookbooks/squid/recipes/default.rb
index def3d9187..54e6e4af4 100644
--- a/cookbooks/squid/recipes/default.rb
+++ b/cookbooks/squid/recipes/default.rb
@@ -50,6 +50,11 @@ systemd_service "squid" do
 exec_start "/usr/sbin/squid -N $SQUID_ARGS"
 exec_reload "/usr/sbin/squid -k reconfigure"
 exec_stop "/usr/sbin/squid -k shutdown"
+ private_tmp true
+ private_devices true
+ protect_system "full"
+ protect_home true
+ no_new_privileges true
 restart "on-failure"
 timeout_sec 0
 end
@@ -67,7 +72,7 @@ log "squid-restart" do
 notifies :restart, "service[squid]"
 only_if do
 IO.popen(["squidclient", "--host=127.0.0.1", "--port=80", "mgr:counters"]) do |io|
- io.each.grep(/^[a-z][a-z_.]+ = -[0-9]+$/).count > 0
+ io.each.grep(/^[a-z][a-z_.]+ = -[0-9]+$/).count.positive?
 end
 end
 end
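Review bot: The five sandboxing properties added after `exec_stop` have no comment recording which paths squid still has to write, or why `protect_system` is `"full"` rather than a stricter value, so a later tightening could break the cache or logs without warning. I would add `# Sandbox squid: "full" keeps /usr, /boot and /etc read-only; paths squid writes at runtime must stay outside them` above `private_tmp true`. The capability set is also left as it was; if the `systemd_service` resource exposes an equivalent of systemd's `CapabilityBoundingSet=`, narrowing it would complement `no_new_privileges`, though the capabilities squid needs are not visible in this hunk. The `systemd_service "squid"` block begins above the hunk.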
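Review bot: The `only_if` guard cannot tell a failed `squidclient` query from clean counters: the block returns only the grep result, so when the manager request gets no usable output, no line matches and the restart is skipped silently. Nothing in the block says what the pattern is looking for either; a comment such as `# restart squid when any mgr:counters value is reported as negative` above `IO.popen` would record the intent, and checking `$?.success?` after the block would make a failed probe visible. On style, `io.each.grep(...).any?` states the test more directly than `.count.positive?`. The `log "squid-restart"` resource begins outside the hunk.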