Remove restrictive systemd security settings across multiple services and add ProtectSystem=no for SQLite WAL mode compatibility
Some checks failed
Systemd Sync / sync-systemd (push) Has been cancelled
Some checks failed
Systemd Sync / sync-systemd (push) Has been cancelled
- Remove ProtectSystem=strict and ReadWritePaths from agent-daemon, gpu, learning, marketplace, modality-optimization, monitor, multimodal, and openclaw services - Add ProtectSystem=no to coordinator-api, exchange-api, and explorer services to allow database writes for SQLite WAL mode - Retain NoNewPrivileges and ProtectHome security settings across all services
This commit is contained in:
aitbc
@@ -32,9 +32,7 @@ SyslogIdentifier=aitbc-marketplace
|
||||
|
||||
# Production security
|
||||
NoNewPrivileges=true
|
||||
ProtectSystem=strict
|
||||
ProtectHome=true
|
||||
ReadWritePaths=/var/lib/aitbc/data/marketplace /var/log/aitbc/marketplace
|
||||
|
||||
# Production performance
|
||||
LimitNOFILE=65536
|
||||
|
||||
Reference in New Issue
Block a user