Mirror of https://github.com/GrapheneOS/infrastructure.git, synced 2025-11-24 16:53:07 -05:00
This is required for it to create the /var directories it uses when the master process is running as root. It would be possible to run the nginx master process as non-root but it doesn't drop ambient capabilities when it spawns the workers so running the master process as non-root will end up giving the workers higher privileges due to them ending up getting the CAP_NET_BIND_SERVICE capability passed through.

| Name |
|---|
| certbot-renew.service.d |
| nginx.service.d |
| sshd.service.d |
| certbot-ocsp-fetcher.service |
| certbot-ocsp-fetcher.timer |