Update systemd service example to return a permission error when a system call isn't permitted.

Dan Helfman 2020-11-30 22:14:28 -08:00
parent ad7198ba66
commit 8fde19a7dc
2 changed files with 3 additions and 0 deletions

NEWS

@ -1,5 +1,7 @@
1.5.13.dev0 1.5.13.dev0
* #373: Document that passphrase is used for Borg keyfile encryption, not just repokey encryption. * #373: Document that passphrase is used for Borg keyfile encryption, not just repokey encryption.
* Update systemd service example to return a permission error when a system call isn't permitted
(instead of terminating borgmatic outright).
* Drop support for Python 3.5, which has been end-of-lifed. * Drop support for Python 3.5, which has been end-of-lifed.
* Update versions of test dependencies (test_requirements.txt and test containers). * Update versions of test dependencies (test_requirements.txt and test containers).
* Only support black code formatter on Python 3.8+. New black dependencies make installation * Only support black code formatter on Python 3.8+. New black dependencies make installation
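
Review bot: The added NEWS entry describes the behaviour change without naming the setting that produces it, so someone who copied the sample service file from an earlier release cannot tell from the changelog what to add to their own unit. Suggest naming the directive in the entry, for example: "Update systemd service example to set SystemCallErrorNumber=EPERM, so that a system call that isn't permitted returns a permission error (instead of terminating borgmatic outright)."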


@ -29,6 +29,7 @@ RestrictRealtime=yes
RestrictSUIDSGID=yes RestrictSUIDSGID=yes
SystemCallArchitectures=native SystemCallArchitectures=native
SystemCallFilter=@system-service SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
# Restrict write access # Restrict write access
# Change to 'ProtectSystem=strict' and uncomment 'ProtectHome' to make the whole file # Change to 'ProtectSystem=strict' and uncomment 'ProtectHome' to make the whole file
# system read-only be default and uncomment 'ReadWritePaths' for the required write access. # system read-only be default and uncomment 'ReadWritePaths' for the required write access.
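
Review bot: The added "SystemCallErrorNumber=EPERM" line sits directly under "SystemCallFilter=@system-service" with no comment, while the settings that follow it are explained in comments. Per the commit message, a call outside the filter now returns a permission error instead of terminating borgmatic, so a filter violation surfaces as an error inside borgmatic rather than as a terminated unit. A one-line comment above the new setting saying so, and that the call is still denied, would help anyone tuning the filter or debugging an unexpected permission error.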