From 8d79277292555d96f0ead6e8cfc1c43cb3a7278d Mon Sep 17 00:00:00 2001
From: Grant Slater
Date: Thu, 22 Dec 2022 14:41:21 +0000
Subject: [PATCH] mediawiki: ease systemd restrictions. AF_UNIX used to connect to mysql
---
 cookbooks/mediawiki/recipes/default.rb | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/cookbooks/mediawiki/recipes/default.rb b/cookbooks/mediawiki/recipes/default.rb
index 0295c413f..30bd612d1 100644
--- a/cookbooks/mediawiki/recipes/default.rb
+++ b/cookbooks/mediawiki/recipes/default.rb
@@ -87,7 +87,6 @@ systemd_service "mediawiki-sitemap@" do
 nice 10
 sandbox true
 memory_deny_write_execute false
- restrict_address_families "AF_UNIX"
 read_write_paths "/srv/%i"
 end

@@ -103,7 +102,6 @@ systemd_service "mediawiki-jobs@" do
 nice 10
 sandbox true
 memory_deny_write_execute false
- restrict_address_families "AF_UNIX"
 read_write_paths "/srv/%i"
 end

@@ -120,7 +118,6 @@ systemd_service "mediawiki-email-jobs@" do
 nice 10
 sandbox :enable_network => true
 memory_deny_write_execute false
- restrict_address_families "AF_UNIX"
 end

 systemd_timer "mediawiki-email-jobs@" do
@@ -134,9 +131,8 @@ systemd_service "mediawiki-refresh-links@" do
 exec_start "/usr/bin/php -d memory_limit=2048M -d error_reporting=22517 /srv/%i/w/maintenance/refreshLinks.php --server=https://%i --memory-limit=2048M --quiet"
 user node[:mediawiki][:user]
 nice 10
- sandbox true
+ sandbox :enable_network => true
 memory_deny_write_execute false
- restrict_address_families "AF_UNIX"
 end

 systemd_timer "mediawiki-refresh-links@" do
--
2.39.5
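Review bot: In the `mediawiki-refresh-links@` hunk, the switch from `sandbox true` to `sandbox :enable_network => true` is not explained by the commit message, which only mentions AF_UNIX for the MySQL connection. A one-line comment above it would record why this unit needs network access, for example `# network needed for <reason: placeholder>, not only the local MySQL socket`. The explicit `restrict_address_families "AF_UNIX"` is also removed here and in the sitemap, jobs and email-jobs hunks, so the allowed socket families now depend on the defaults of the `sandbox` property, which this diff does not show. It is worth checking the rendered units with `systemctl show -p RestrictAddressFamilies <unit>` or `systemd-analyze security <unit>` to confirm the restriction is still set rather than dropped. If the default proves too narrow or too wide, an explicit list in the recipe keeps the policy auditable. The `systemd_timer` block that ends this hunk continues outside it.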