Browse Source

Add comment about MemoryDenyWriteExecute value and the tradeoffs thereof.

master
Dan Helfman 2 months ago
parent
commit
9b83fcbf06
1 changed files with 2 additions and 0 deletions
  1. +2
    -0
      sample/systemd/borgmatic.service

+ 2
- 0
sample/systemd/borgmatic.service View File

@@ -11,6 +11,8 @@ Type=oneshot
# For more details about this settings check the systemd manuals
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html
LockPersonality=true
# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
# But you can try setting it to "yes" for improved security if you don't use those features.
MemoryDenyWriteExecute=no
NoNewPrivileges=yes
PrivateDevices=yes


Loading…
Cancel
Save