Disabled NoNewPrivileges security restriction to allow the service to execute sudo commands for system shutdown and reboot. Also expanded PATH to include /sbin and /usr/sbin directories.

Changes:
- Commented out NoNewPrivileges=true to allow sudo privilege escalation
- Added /sbin and /usr/sbin to PATH environment variable
- Keeps other security hardening (PrivateTmp, user/group isolation)

Why this is needed:
The NoNewPrivileges flag prevents any process from gaining additional privileges, which blocks sudo even with proper sudoers configuration.

This is safe to disable for this use case because:
1. Service runs as specific user (berwn)
2. Sudoers file restricts to only /sbin/shutdown and /sbin/reboot
3. No other privilege escalation paths in the application

This fixes the issue where reboot works with 'make start' but not as a systemd service.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
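As an added example (not part of this commit or the project), a small POSIX shell audit that flags the combination the message describes: a unit whose NoNewPrivileges= line is unset or commented out, together with the commands the service user can reach through sudo. The unit and sudoers fragments are constructed samples modelled on the message; the text check cannot see no_new_privs implied by other systemd sandboxing directives.

```shell
#!/bin/sh
# Added audit example, not the project's code. Inputs are constructed
# samples modelled on the commit message: NoNewPrivileges= commented out,
# and a sudoers rule limited to shutdown and reboot.
UNIT='[Service]
User=berwn
Group=berwn
PrivateTmp=true
#NoNewPrivileges=true
Environment=PATH=/usr/local/bin:/usr/bin:/bin:/sbin:/usr/sbin
'
SUDOERS='# constructed sudoers fragment
berwn ALL=(root) NOPASSWD: /sbin/shutdown, /sbin/reboot
'

# nnp_state UNIT_TEXT -> "enforced" when an uncommented NoNewPrivileges=
# line is true, else "disabled" (unset or commented out: the service may
# still gain privileges through setuid binaries such as sudo).
nnp_state() {
  if printf '%s\n' "$1" |
    grep -Eiq '^[[:space:]]*NoNewPrivileges[[:space:]]*=[[:space:]]*(true|yes|on|1)[[:space:]]*$'
  then echo enforced; else echo disabled; fi
}

# sudo_cmds SUDOERS_TEXT USER -> commands USER may run via sudo, one per
# line (single-line rules only; aliases and continuations are not parsed).
sudo_cmds() {
  printf '%s\n' "$1" | awk -v u="$2" '
    $1 == u {
      line = $0
      if (index(line, ":")) sub(/^[^:]*:[[:space:]]*/, "", line)  # drop "user host=(runas) TAG:"
      else sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", line)           # drop "user host=(runas)"
      gsub(/,[[:space:]]*/, "\n", line)
      print line
    }'
}

# audit UNIT_TEXT SUDOERS_TEXT USER -> one-line verdict on the combination.
audit() {
  state=$(nnp_state "$1")
  cmds=$(sudo_cmds "$2" "$3" | tr '\n' ' ')
  case "$state:$cmds" in
    disabled:?*) echo "sudo reachable for $3: $cmds" ;;
    enforced:*)  echo "NoNewPrivileges enforced: sudo blocked for $3" ;;
    *)           echo "NoNewPrivileges disabled, no sudo rules for $3" ;;
  esac
}

audit "$UNIT" "$SUDOERS" berwn
```

On a live host, confirm the effective value with `systemctl show -p NoNewPrivileges <unit>` and the effective sudo rules with `sudo -l -U <user>`, since drop-ins and sudoers includes are not visible to a single-file check.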