e62e31f00f
from forgejo:forgejo u=rwX,g=rwX,o=
to forgejo:forgejo u=rwX,g=rX,o=
- update apparmor profile to a profile that is less broad.
- create all directories before actually installing files
- make the HOME dir in the service file the same as the user
- migrate existing authorized keys files
from %{_datadir}/%{name}/.ssh/authorized_keys
to %{_sharedstatedir}/%{name}/data/home/.ssh/authorized_keys
- fix file list to lock down permissions more
- don't require the apparmor subpackage when apparmor is installed
the current profile is rather bad and it should be possible to
keep it out.
- user should actually use /var/lib/forgejo/data/home
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=53
10 lines
277 B
Plaintext
10 lines
277 B
Plaintext
include <abstractions/base>
|
|
include <abstractions/bash>
|
|
include <abstractions/consoles>
|
|
|
|
/usr/bin/bash ix,
|
|
|
|
/usr/bin/env rPx -> forgejo//simple_tool,
|
|
/usr/bin/cat rPx -> forgejo//simple_tool,
|
|
/usr/bin/basename rPx -> forgejo//simple_tool,
|