From c93accc06d43d1c4ec981c97ddccbc2098873728 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Tue, 14 Aug 2018 15:22:39 -0500 Subject: [PATCH] Set private sandbox options to false by default The private sandbox options are emitting odd behaviour in newer kernels. This change sets the sandbox options to false by default so that we're not creating unexpected issues. Change-Id: I670ae94525f80e70f03327591cba0e27c2ac0f2b Signed-off-by: Kevin Carter --- defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index b95ce6b..85cda60 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -35,10 +35,10 @@ systemd_MemoryAccounting: true systemd_TasksAccounting: true # Sandboxing options -systemd_PrivateTmp: true +systemd_PrivateTmp: false systemd_PrivateDevices: false systemd_PrivateNetwork: false -systemd_PrivateUsers: true +systemd_PrivateUsers: false # Start service after a given target. This is here because we want to define common # after targets used on most services. This can be overridden or agumented using