Add comment about MemoryDenyWriteExecute value and the tradeoffs thereof.
parent
32a93ce8a2
commit
9b83fcbf06
1 changed files with 2 additions and 0 deletions
|
@ -11,6 +11,8 @@ Type=oneshot
|
|||
# For more details about this settings check the systemd manuals
|
||||
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
LockPersonality=true
|
||||
# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
|
||||
# But you can try setting it to "yes" for improved security if you don't use those features.
|
||||
MemoryDenyWriteExecute=no
|
||||
NoNewPrivileges=yes
|
||||
PrivateDevices=yes
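Review bot: The new comment above `MemoryDenyWriteExecute=no` invites users to try "yes" but does not say how to check whether that broke anything, and "features like Healthchecks" leaves open which other features are affected. With the directive left at `no`, the unit does not block memory mappings that are both writable and executable, so the shipped default is the weaker setting and opting in should be easy to do safely. I would add a line such as `# To enable it without editing this file, use a drop-in (systemctl edit) and test a full run, including monitoring pings.` The rest of the unit lies outside this hunk, so it may already cover this elsewhere.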
|
||||
|
|