2f3c0bec5b
First, ProtectSystem=strict will make the entire file system hierarchy (except /dev, /proc/ and /sys) read-only, so separate ReadOnlyPaths= is not necessary. Second, ProtectHome=tmpfs will not just mount an empty tmpfs on /root, but also on /home and /run/user. As it's likely quite common to want to backup /home, this seems like a footgun. Finally, it's quite likely that borgbackup will want access to root's SSH keys in order to connect to remote backup servers. Note that all these options are commented out by default, so this is more of a documentation change than any real change in functionality. |
||
---|---|---|
.. | ||
borgmatic-user.service | ||
borgmatic-user.timer | ||
borgmatic.service | ||
borgmatic.timer |