You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current Meshtastic Native Daemon systemd script runs as the root user, which is generally considered a security risk. Additionally, it lacks automatic service restarts in case of failure and doesn't limit resource consumption effectively.
Proposed Changes
Change the service user and group to a dedicated "meshtastic" user.
Add the “meshtastic” user to the 995(spi), 994(i2c), and 993(gpio) groups on Raspberry Pi OS.
Add automatic service restarts on failure.
Set resource limits (such as CPU weight) to prevent excessive resource usage.
Add AmbientCapabilities=CAP_NET_BIND_SERVICE to the systemd script.
Platform
NRF52, ESP32
Description
The current Meshtastic Native Daemon systemd script runs as the root user, which is generally considered a security risk. Additionally, it lacks automatic service restarts in case of failure and doesn't limit resource consumption effectively.
Proposed Changes
AmbientCapabilities=CAP_NET_BIND_SERVICE
to the systemd script.Example Modified systemd Script
Please review and provide feedback!
The text was updated successfully, but these errors were encountered: