Update sample systemd service file comments about more granular read-only filesystem settings.
This commit is contained in:
Dan Helfman
parent
0a8d4e5dfb
commit
1004500d65
2 changed files with 5 additions and 4 deletions
1
NEWS
1
NEWS
|
|
@ -1,4 +1,5 @@
|
||||||
1.5.19.dev0
|
1.5.19.dev0
|
||||||
|
* Update sample systemd service file with more granular read-only filesystem settings.
|
||||||
* Move Gitea and GitHub hosting from a personal namespace to an organization for better
|
* Move Gitea and GitHub hosting from a personal namespace to an organization for better
|
||||||
collaboration with related projects.
|
collaboration with related projects.
|
||||||
* 1k ★s on GitHub!
|
* 1k ★s on GitHub!
|
||||||
|
|
|
||||||
|
|
@ -32,10 +32,10 @@ RestrictSUIDSGID=yes
|
||||||
SystemCallArchitectures=native
|
SystemCallArchitectures=native
|
||||||
SystemCallFilter=@system-service
|
SystemCallFilter=@system-service
|
||||||
SystemCallErrorNumber=EPERM
|
SystemCallErrorNumber=EPERM
|
||||||
# Restrict write access
|
# To restrict write access further, change "ProtectSystem" to "strict" and uncomment
|
||||||
# Change to 'ProtectSystem=strict' and uncomment 'ProtectHome' to make the whole file
|
# "ReadWritePaths", "ReadOnlyPaths", "ProtectHome", and "BindPaths". Then add any local repository
|
||||||
# system read-only be default and uncomment 'ReadWritePaths' for the required write access.
|
# paths to the list of "ReadWritePaths" and local backup source paths to "ReadOnlyPaths". This
|
||||||
# Add local repositroy paths to the list of 'ReadWritePaths' like '-/mnt/my_backup_drive'.
|
# leaves most of the filesystem read-only to borgmatic.
|
||||||
ProtectSystem=full
|
ProtectSystem=full
|
||||||
# ReadWritePaths=-/mnt/my_backup_drive
|
# ReadWritePaths=-/mnt/my_backup_drive
|
||||||
# ReadOnlyPaths=-/var/lib/my_backup_source
|
# ReadOnlyPaths=-/var/lib/my_backup_source
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue