You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
One of the more relevant part for me is AmbientCapabilities, which is set to CAP_IPC_LOCK on Hashicorp repo, but CAP_SYSLOG CAP_IPC_LOCK here.
This modification was added in this commit 5c4f74a without much explanation, and I have tested on my setup reverting to AmbientCapabilities=CAP_IPC_LOCK without any issues.
Why is there this difference ? If there is no specific reason, I would be pleased to contribute to this repo with this simple PR!
There are also other difference, for ulimits for example, but there are not a specific issue in my case.
The text was updated successfully, but these errors were encountered:
While reviewing the official Hashicorp Vault Hardening guidelines, I found a difference between in the systemd unit of this repository and the official units installed with hashicorp linux packages.
One of the more relevant part for me is
AmbientCapabilities, which is set toCAP_IPC_LOCKon Hashicorp repo, butCAP_SYSLOG CAP_IPC_LOCKhere.This modification was added in this commit 5c4f74a without much explanation, and I have tested on my setup reverting to
AmbientCapabilities=CAP_IPC_LOCKwithout any issues.Why is there this difference ? If there is no specific reason, I would be pleased to contribute to this repo with this simple PR!
There are also other difference, for
ulimitsfor example, but there are not a specific issue in my case.The text was updated successfully, but these errors were encountered: