fix(systemd): disable ProtectHome (uv stores python in user home)

2026-05-07 14:36:46 +02:00 · 2026-05-07 14:36:46 +02:00 · bf6716375a
commit bf6716375a
parent 344d30f440
2 changed files with 3 additions and 2 deletions
--- a/deploy/systemd/aitrader-dashboard.service
+++ b/deploy/systemd/aitrader-dashboard.service
@ -23,7 +23,7 @@ StandardError=journal

 NoNewPrivileges=true
 ProtectSystem=strict
-ProtectHome=true
+ProtectHome=false
 ReadWritePaths=/opt/aitrader/data
 PrivateTmp=true

--- a/deploy/systemd/aitrader.service
+++ b/deploy/systemd/aitrader.service
@ -18,7 +18,8 @@ StandardError=journal
 # Hardening
 NoNewPrivileges=true
 ProtectSystem=strict
-ProtectHome=true
+# ProtectHome=false weil uv den Python-Interpreter in /home/aitrader/.local/share/uv ablegt
+ProtectHome=false
 ReadWritePaths=/opt/aitrader/data
 PrivateTmp=true
 ProtectKernelTunables=true