scripte/archivmail
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: archivmail.service benötigt CAP_NET_ADMIN für Firewall-Aktivierung

Browse Source 
Der Admin-Endpoint "Firewall aktivieren" (POST /api/admin/security/fix,
enable_firewall) ruft "nft -f /etc/nftables.conf" auf. flush ruleset
benötigt CAP_NET_ADMIN, das fehlte bisher in der systemd-Unit, wodurch
der Aufruf mit "Operation not permitted" fehlschlug.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
sysops
2026-06-13 22:01:29 +02:00
parent 1c52181e75
commit b73ef55a65
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
install.sh
+3 -2
View File
@@ -628,8 +628,9 @@ Requires=postgresql.service manticore.service
Type=simple Type=simple
User=${AM_USER} User=${AM_USER}
Group=${AM_USER} Group=${AM_USER}
AmbientCapabilities=CAP_NET_BIND_SERVICE # CAP_NET_ADMIN: required for the admin "enable firewall" action (nft -f /etc/nftables.conf)
CapabilityBoundingSet=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
ExecStart=${INSTALL_DIR}/archivmail --config ${CONFIG_DIR}/config.yml ExecStart=${INSTALL_DIR}/archivmail --config ${CONFIG_DIR}/config.yml
Restart=on-failure Restart=on-failure
RestartSec=5 RestartSec=5