Add more strict ProtectHome to systemd sample configuration.
Merge pull request #42 from VTimofeenko/systemd_protecthome
commit
0a8d4e5dfb
1 changed files with 5 additions and 2 deletions
|
@ -37,8 +37,11 @@ SystemCallErrorNumber=EPERM
|
|||
# system read-only be default and uncomment 'ReadWritePaths' for the required write access.
|
||||
# Add local repositroy paths to the list of 'ReadWritePaths' like '-/mnt/my_backup_drive'.
|
||||
ProtectSystem=full
|
||||
# ProtectHome=read-only
|
||||
# ReadWritePaths=-/root/.config/borg -/root/.cache/borg -/root/.borgmatic
|
||||
# ReadWritePaths=-/mnt/my_backup_drive
|
||||
# ReadOnlyPaths=-/var/lib/my_backup_source
|
||||
# This will mount a tmpfs on top of /root and pass through needed paths
|
||||
# ProtectHome=tmpfs
|
||||
# BindPaths=-/root/.cache/borg -/root/.cache/borg -/root/.borgmatic
|
||||
|
||||
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
|
||||
|
||||
|
|