From 166ddebdbce7df504abaf17bd6ccc1b99c777906 Mon Sep 17 00:00:00 2001
From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me>
Date: Tue, 13 Jun 2023 12:45:18 +0200
Subject: [PATCH] Add no_new_privs to OpenRC service files

---
 installation/init.d/akkoma           | 1 +
 rel/files/installation/init.d/akkoma | 1 +
 2 files changed, 2 insertions(+)

diff --git a/installation/init.d/akkoma b/installation/init.d/akkoma
index 6c1973db4..bd17516f2 100755
--- a/installation/init.d/akkoma
+++ b/installation/init.d/akkoma
@@ -8,6 +8,7 @@ pidfile="/var/run/akkoma.pid"
 directory=/opt/akkoma
 healthcheck_delay=60
 healthcheck_timer=30
+no_new_privs="yes"
 
 : ${akkoma_port:-4000}
 
diff --git a/rel/files/installation/init.d/akkoma b/rel/files/installation/init.d/akkoma
index ea6ea3580..492a0debe 100755
--- a/rel/files/installation/init.d/akkoma
+++ b/rel/files/installation/init.d/akkoma
@@ -9,6 +9,7 @@ command=/opt/akkoma/bin/pleroma
 command_args="start"
 command_user=akkoma
 command_background=1
+no_new_privs="yes"
 
 # Ask process to terminate within 30 seconds, otherwise kill it
 retry="SIGTERM/30/SIGKILL/5"