authorCLanguagePurist <107034654+CLanguagePurist@users.noreply.github.com>2022-07-16 06:58:56 -0600
committerGitHub <noreply@github.com>2022-07-16 14:58:56 +0200
commit6247a1dd5d4f9b103feb7b3fd71463bc66f5c288 (patch)
treeefacc0ce1d81f264e9783331f3914dba5f4553a5
parentce8e06f9f30f0ff3800d0d8da3c7d3044c71c64a (diff)
Comment on PrivateUsers option for gitea.service (#20383)
* Comment on PrivateUsers option for gitea.service A user encountered an issue where PrivateUsers sandboxed gitea.service and effectively stopped systemd from applying capabilities to that service. I am opening this PR to add comments on PrivateUsers, effectively a tiny FAQ for end users.
-rw-r--r--contrib/systemd/gitea.service7
1 files changed, 7 insertions, 0 deletions
diff --git a/contrib/systemd/gitea.service b/contrib/systemd/gitea.service
index d6a4377ec8..79c34564bc 100644
--- a/contrib/systemd/gitea.service
+++ b/contrib/systemd/gitea.service
@@ -78,6 +78,13 @@ Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE
###
+# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
+# set the following value to false to allow capabilities to be applied on gitea process. The following
+# value if set to true sandboxes gitea service and prevent any processes from running with privileges
+# in the host user namespace.
+###
+#PrivateUsers=false
+###
[Install]
WantedBy=multi-user.target
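Review bot: The comment added above `#PrivateUsers=false` does not mention that `false` is already systemd's default, so uncommenting the line only matters when a drop-in or distribution hardening has set `PrivateUsers=true`; no such setting is visible in this hunk. It also omits the trade-off: with `PrivateUsers=true` the service has no capabilities in the host user namespace, which is why `CAP_NET_BIND_SERVICE` has no effect, and turning it off gives up that user-namespace isolation. I would reword the block along the lines of `# PrivateUsers=true runs gitea in its own user namespace, so the capability options above do not apply on the host.` followed by `# systemd defaults to false; set it here only to override a drop-in that enabled it, at the cost of that isolation.` Separately, "prevent any processes" should read "prevents any processes".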