B4BY.588
Home
Terminal
Upload
information
Create File
Create Folder
About
Tools
:
/
etc
/
systemd
/
system
/
imunify-antivirus.service.d
/
Filename :
00-compat-systemd-219.conf
back
Copy
[Service] # DEF-41613: ReadWritePaths= (231+) and AmbientCapabilities= (229+) # are silently dropped on older systemd. Without them: # * ProtectSystem=full would lock /etc and break agent config writes; # * NoNewPrivileges=true would clear subprocess effective caps, # breaking iptables-restore / ipset / i360-storage-replacehdb-v2 # (the kernel's UID-0 effective-raise-on-exec is disabled by NNP # and we have no AmbientCapabilities= here to compensate). # Reset both so CL7 / CentOS 7 falls back to the pre-MR-338 behaviour # while keeping CapabilityBoundingSet= which 219 honors. Use explicit # "=no" rather than "=" — systemd 219 doesn't understand the # empty-value reset syntax (added in v229) and ignores those lines as # parse failures. ProtectSystem=no NoNewPrivileges=no