Commit 51b7090

feat: no new privileges for postgres
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#NoNewPrivileges= ensures that the service process and all its children can never gain new privileges through execve()
1 parent 73b48db commit 51b7090

1 file changed: +1 -0 lines changed

ansible/files/postgresql_config/postgresql.service.j2

@@ -21,5 +21,6 @@ RestartSec=5
2121
OOMScoreAdjust=-1000
2222
EnvironmentFile=-/etc/environment.d/postgresql.env
2323
LimitNOFILE=16384
24+
NoNewPrivileges=true
2425
[Install]
2526
WantedBy=multi-user.target
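
Review bot: `NoNewPrivileges=true`, added after `LimitNOFILE=16384`, carries no comment, and it applies to every child process the service spawns, not only the main server process, so any command started from this unit that relies on a setuid/setgid binary or on file capabilities will no longer gain those privileges through execve(). The hunk does not show the unit's Exec lines, so please confirm that none of them, nor any external command the server invokes, depends on that, and record the result in a one-line comment above the directive. After deployment, `systemctl show -p NoNewPrivileges` on the unit and the `NoNewPrivs` field in `/proc/<pid>/status` of the running server should both reflect the setting.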
