remove systemcallfilters sections from systemd unit files (#40176)

4 years ago · cdea812cee
parent d9c0220824
commit cdea812cee
2 changed files with 2 additions and 8 deletions
--- a/packaging/deb/systemd/grafana-server.service
+++ b/packaging/deb/systemd/grafana-server.service
@ -29,7 +29,7 @@ TimeoutStopSec=20
 CapabilityBoundingSet=
 DeviceAllow=
 LockPersonality=true
-MemoryDenyWriteExecute=true
+MemoryDenyWriteExecute=false
 NoNewPrivileges=true
 PrivateDevices=true
 PrivateTmp=true
@ -50,9 +50,6 @@ RestrictNamespaces=true
 RestrictRealtime=true
 RestrictSUIDSGID=true
 SystemCallArchitectures=native
 SystemCallFilter=@system-service
 SystemCallFilter=~@privileged
 SystemCallFilter=~@resources
 UMask=0027
 [Install]
--- a/packaging/rpm/systemd/grafana-server.service
+++ b/packaging/rpm/systemd/grafana-server.service
@ -28,7 +28,7 @@ TimeoutStopSec=20
 CapabilityBoundingSet=
 DeviceAllow=
 LockPersonality=true
-MemoryDenyWriteExecute=true
+MemoryDenyWriteExecute=false
 NoNewPrivileges=true
 PrivateDevices=true
 PrivateTmp=true
@ -49,9 +49,6 @@ RestrictNamespaces=true
 RestrictRealtime=true
 RestrictSUIDSGID=true
 SystemCallArchitectures=native
 SystemCallFilter=@system-service
 SystemCallFilter=~@privileged
 SystemCallFilter=~@resources
 UMask=0027
 [Install]