Files @ a8ec562e1ad3
Branch filter:

Location: website/systemd/conservancy-www-update.service

a8ec562e1ad3 526 B text/plain Show Annotation Show as Raw Download as Raw
Bradley M. Kuhn
Copyleft Compliance: enforcement strategy & firmware liberation

These two new documents are based on grant proposals for this work.
We are preparing to announce the work publicly soon. This is a first
draft of both documents.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
[Unit]
Description=Update Conservancy website checkout

[Service]
Type=oneshot
User=www
WorkingDirectory=/var/www/website
ExecStart=/var/www/website/systemd/conservancy-www-update.sh

SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
CapabilityBoundingSet=
NoNewPrivileges=true

PrivateDevices=true
PrivateNetwork=false
PrivateTmp=true
PrivateUsers=false
ProtectControlGroups=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
ReadWritePaths=/var/www/website
Server instance: kapok.sfconservancy.org-27511 This site is powered by Kallithea 0.6.3, which is © 2010–2020 by various authors & licensed under GPLv3. – SupportPrivacy Policy