X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/fde7de04c77cf19929234cc019d748f140bfce72..5d33b4e76966a4ae9f78cbd414daab5ef47475c6:/cookbooks/oxidized/recipes/default.rb?ds=inline

diff --git a/cookbooks/oxidized/recipes/default.rb b/cookbooks/oxidized/recipes/default.rb
index 4d1da0343..66c919908 100644
--- a/cookbooks/oxidized/recipes/default.rb
+++ b/cookbooks/oxidized/recipes/default.rb
@@ -29,6 +29,7 @@ package %w[
   libssh2-1-dev
   zlib1g-dev
   pkg-config
+  libyaml-dev
 ]
 
 keys = data_bag_item("oxidized", "keys")
@@ -147,11 +148,8 @@ systemd_service "oxidized" do
   environment "OXIDIZED_HOME" => "/etc/oxidized",
               "OXIDIZED_LOGS" => "/var/log/oxidized"
   nice 10
-  private_tmp true
-  private_devices true
-  protect_system "full"
-  protect_home true
-  no_new_privileges true
+  sandbox :enable_network => true
+  read_write_paths ["/run/oxidized", "/var/lib/oxidized", "/var/log/oxidized"]
   restart "on-failure"
   notifies :restart, "service[oxidized]"
 end