fix: implement actual system reboot via shutdown/systemctl commands
All checks were successful
CI/CD Pipeline / Code Format (push) Successful in 2s
CI/CD Pipeline / Clippy Lints (push) Successful in 40s
CI/CD Pipeline / Unit Tests (push) Successful in 1m27s
CI/CD Pipeline / Security Audit (push) Successful in 4s
CI/CD Pipeline / Build Arch Package (push) Successful in 1m56s
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Successful in 2m32s
CI/CD Pipeline / Build Alpine Package (push) Successful in 3m25s
CI/CD Pipeline / Build RPM Package (push) Successful in 3m44s
CI/CD Pipeline / Build Debian Package (push) Successful in 3m0s
All checks were successful
CI/CD Pipeline / Code Format (push) Successful in 2s
CI/CD Pipeline / Clippy Lints (push) Successful in 40s
CI/CD Pipeline / Unit Tests (push) Successful in 1m27s
CI/CD Pipeline / Security Audit (push) Successful in 4s
CI/CD Pipeline / Build Arch Package (push) Successful in 1m56s
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Successful in 2m32s
CI/CD Pipeline / Build Alpine Package (push) Successful in 3m25s
CI/CD Pipeline / Build RPM Package (push) Successful in 3m44s
CI/CD Pipeline / Build Debian Package (push) Successful in 3m0s
- Fix reboot_system() to use shutdown -r +N for delayed reboots - Fix patches handler to call reboot_system() instead of just logging - Add CAP_SYS_BOOT capability to systemd service for LXC reboot support - Remove unused warn import from packages/mod.rs - Bump version to 0.3.1
This commit is contained in:
@ -18,6 +18,9 @@ RuntimeDirectoryMode=0755
|
||||
|
||||
# Security hardening
|
||||
NoNewPrivileges=true
|
||||
# Allow reboot capability for scheduled reboots
|
||||
CapabilityBoundingSet=CAP_SYS_BOOT
|
||||
AmbientCapabilities=CAP_SYS_BOOT
|
||||
# ProtectSystem removed - package management requires write access to /usr, /etc, /lib
|
||||
# Network security provided by mTLS + IP whitelist
|
||||
ProtectHome=true
|
||||
|
||||
Reference in New Issue
Block a user