From bb64eef67c1f74156fc71d67df7fe6d2877a3015 Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Thu, 22 Dec 2022 16:20:11 +0000 Subject: [PATCH] mediawiki: Actually allow AF_UNIX. --- cookbooks/mediawiki/recipes/default.rb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cookbooks/mediawiki/recipes/default.rb b/cookbooks/mediawiki/recipes/default.rb index af0e645a0..59638e4e9 100644 --- a/cookbooks/mediawiki/recipes/default.rb +++ b/cookbooks/mediawiki/recipes/default.rb @@ -87,6 +87,7 @@ systemd_service "mediawiki-sitemap@" do nice 10 sandbox :enable_network => true memory_deny_write_execute false + restrict_address_families "AF_UNIX" read_write_paths "/srv/%i" end @@ -102,6 +103,7 @@ systemd_service "mediawiki-jobs@" do nice 10 sandbox :enable_network => true memory_deny_write_execute false + restrict_address_families "AF_UNIX" read_write_paths "/srv/%i" end @@ -118,6 +120,8 @@ systemd_service "mediawiki-email-jobs@" do nice 10 sandbox :enable_network => true memory_deny_write_execute false + restrict_address_families "AF_UNIX" + read_write_paths "/srv/%i" end systemd_timer "mediawiki-email-jobs@" do @@ -133,6 +137,8 @@ systemd_service "mediawiki-refresh-links@" do nice 10 sandbox :enable_network => true memory_deny_write_execute false + restrict_address_families "AF_UNIX" + read_write_paths "/srv/%i" end systemd_timer "mediawiki-refresh-links@" do -- 2.39.5