Remove restrictive systemd security settings across multiple services and add ProtectSystem=no for SQLite WAL mode compatibility
Some checks failed
Systemd Sync / sync-systemd (push) Has been cancelled
Some checks failed
Systemd Sync / sync-systemd (push) Has been cancelled
- Remove ProtectSystem=strict and ReadWritePaths from agent-daemon, gpu, learning, marketplace, modality-optimization, monitor, multimodal, and openclaw services - Add ProtectSystem=no to coordinator-api, exchange-api, and explorer services to allow database writes for SQLite WAL mode - Retain NoNewPrivileges and ProtectHome security settings across all services
This commit is contained in:
aitbc
@@ -29,9 +29,7 @@ StandardError=journal
|
||||
# Security settings
|
||||
NoNewPrivileges=true
|
||||
PrivateTmp=true
|
||||
ProtectSystem=strict
|
||||
ProtectHome=true
|
||||
ReadWritePaths=/var/lib/aitbc/data /var/lib/aitbc/keystore
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
Reference in New Issue
Block a user