graphene-os-server-infrastr.../systemd
Daniel Micay afce4f2a51 limit nginx service capabilities
Running nginx as non-root would be possible via CAP_NET_BIND_SERVICE as
an ambient capability but it would be inherited by workers. It's better
to leave the supervisor process as root for the time being unless nginx
was taught to use socket activation or drop capabilities for workers.
2022-08-10 11:12:20 -04:00
..
network configure CAKE via systemd-networkd 2022-07-27 20:56:14 -04:00
system limit nginx service capabilities 2022-08-10 11:12:20 -04:00
journald.conf add systemd directory 2021-09-08 17:53:20 -04:00
networkd.conf add systemd directory 2021-09-08 17:53:20 -04:00
sleep.conf update base systemd/sleep.conf 2022-08-10 05:31:31 -04:00
system.conf update systemd/system.conf 2022-05-22 15:57:02 -04:00