Add more strict ProtectHome to systemd sample configuration.

Merge pull request #42 from VTimofeenko/systemd_protecthome
Dan Helfman 2021-10-11 09:26:28 -07:00 committed by GitHub
commit 0a8d4e5dfb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -37,8 +37,11 @@ SystemCallErrorNumber=EPERM
# system read-only be default and uncomment 'ReadWritePaths' for the required write access.
# Add local repositroy paths to the list of 'ReadWritePaths' like '-/mnt/my_backup_drive'.
ProtectSystem=full
# ProtectHome=read-only
# ReadWritePaths=-/root/.config/borg -/root/.cache/borg -/root/.borgmatic
# ReadWritePaths=-/mnt/my_backup_drive
# ReadOnlyPaths=-/var/lib/my_backup_source
# This will mount a tmpfs on top of /root and pass through needed paths
# ProtectHome=tmpfs
# BindPaths=-/root/.cache/borg -/root/.cache/borg -/root/.borgmatic
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
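Review bot: The commented `BindPaths` example near the end of the hunk lists `-/root/.cache/borg` twice and omits `-/root/.config/borg`, which the `ReadWritePaths` example a few lines above does include. With `ProtectHome=tmpfs` enabled as written, that directory would sit behind the empty tmpfs, so any Borg key files and security state kept there would not be visible to the service; the line should probably read `# BindPaths=-/root/.cache/borg -/root/.config/borg -/root/.borgmatic`. The comment above it mentions only `/root`, but `ProtectHome=tmpfs` also covers `/home` and `/run/user`, so it is worth noting that backup sources under `/home` need a `BindReadOnlyPaths=` entry or they will appear empty to the service. It would also help to state that this block is an alternative to the `ProtectHome=read-only` example, not something to enable alongside it.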