-
Notifications
You must be signed in to change notification settings - Fork 125
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tweak systemd unit definition #190
base: master
Are you sure you want to change the base?
Conversation
Configure the unit to restart whenever the gadget process stops.
The revised description describes the unit declaratively, rather than the edge action (starting the service).
Configure systemd not to allow the webcam to make any network access, and impose other restrictions.
Looks good! We might even make use of more systemd capabilites. Looking at
|
@sftim wanna check these three things out? |
I'm not going to have any time to move this PR forward with extra changes, at least not for the foreseeable. Sorry about that. |
Whoops. |
Even if this isn't perfect, perhaps it's OK to merge as-is? The key thing would be to verify it actually works. |
I'd rather not merge something that wasn't verified. But you can easily use the Github Action to build your images and try those. Also you could replace squashfs with ext4 in your build, to test without having to build a new image every time. |
ℹ️ UNTESTED
These changes ought to make the systemd unit automatically restart (see #183), and run with extra security restrictions.
I haven't tried them though. Nonetheless I hope the PR is useful. Anyone who wants to is welcome to test this out and report back.