summaryrefslogtreecommitdiff
path: root/roles/monitoring/prometheus/exporter/ssl/templates/service.j2
diff options
context:
space:
mode:
Diffstat (limited to 'roles/monitoring/prometheus/exporter/ssl/templates/service.j2')
-rw-r--r--roles/monitoring/prometheus/exporter/ssl/templates/service.j24
1 files changed, 2 insertions, 2 deletions
diff --git a/roles/monitoring/prometheus/exporter/ssl/templates/service.j2 b/roles/monitoring/prometheus/exporter/ssl/templates/service.j2
index fdd754a4..f0e1be30 100644
--- a/roles/monitoring/prometheus/exporter/ssl/templates/service.j2
+++ b/roles/monitoring/prometheus/exporter/ssl/templates/service.j2
@@ -7,8 +7,8 @@ ExecStart=/usr/bin/prometheus-ssl-exporter --web.listen-address="127.0.0.1:9219"
ExecReload=/bin/kill -HUP $MAINPID
# systemd hardening-options
-AmbientCapabilities=
-CapabilityBoundingSet=
+AmbientCapabilities=CAP_DAC_READ_SEARCH
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH
DeviceAllow=/dev/null rw
DevicePolicy=strict
LockPersonality=true
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-05 05:39:11 +0000