borgmatic-collective/borgmatic
9
71
Fork 44
Code Issues 55 Pull Requests 6 Actions 1 Packages Releases 154 Activity

Update systemd service example to return a permission error when a system call isn't permitted.
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Dan Helfman
2020-11-30 22:14:28 -08:00
parent ad7198ba66
commit 8fde19a7dc
2 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
sample/systemd/borgmatic.service
View File

@@ -29,6 +29,7 @@ RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
# Restrict write access
# Change to 'ProtectSystem=strict' and uncomment 'ProtectHome' to make the whole file
# system read-only be default and uncomment 'ReadWritePaths' for the required write access.