diff --git a/listmonk@.service b/listmonk@.service index 9d452ad..9bab1d1 100644 --- a/listmonk@.service +++ b/listmonk@.service @@ -35,7 +35,7 @@ SystemCallArchitectures=native # Only enable a reasonable set of system calls. # see: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#SystemCallFilter= SystemCallFilter=@system-service -SystemCallFilter=~@privileged @resources +SystemCallFilter=~@privileged # ProtectSystem=strict, which is implied by DynamicUser=True, already disabled write calls # to the entire filesystem hierarchy, leaving only /dev/, /proc/, and /sys/ writable. # listmonk doesn’t need access to those so might as well disable them.