X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/9ae7cc736015c398ec6e3dc396d8ff0202524126..47b636ac08ba7e76eecfbc77a399582d0f89dcb6:/cookbooks/dev/recipes/default.rb

diff --git a/cookbooks/dev/recipes/default.rb b/cookbooks/dev/recipes/default.rb
index 7ab10d8f4..9ad37bfc9 100644
--- a/cookbooks/dev/recipes/default.rb
+++ b/cookbooks/dev/recipes/default.rb
@@ -292,8 +292,9 @@ if node[:postgresql][:clusters][:"14/main"]
     nice 10
     private_tmp true
     private_devices true
-    protect_system "full"
+    protect_system "strict"
     protect_home true
+    read_write_paths "/srv/%i.apis.dev.openstreetmap.org/logs"
     no_new_privileges true
   end
 
@@ -306,8 +307,9 @@ if node[:postgresql][:clusters][:"14/main"]
     exec_reload "/bin/kill -HUP $MAINPID"
     private_tmp true
     private_devices true
-    protect_system "full"
+    protect_system "strict"
     protect_home true
+    read_write_paths ["/srv/%i.apis.dev.openstreetmap.org/logs", "/srv/%i.apis.dev.openstreetmap.org/rails/tmp"]
     no_new_privileges true
     restart "on-failure"
   end