mirror of
https://github.com/GrapheneOS/infrastructure.git
synced 2024-12-23 05:59:22 -05:00
afce4f2a51
Running nginx as non-root would be possible via CAP_NET_BIND_SERVICE as an ambient capability but it would be inherited by workers. It's better to leave the supervisor process as root for the time being unless nginx was taught to use socket activation or drop capabilities for workers. |
||
---|---|---|
.. | ||
hardening.conf |