From 8fde19a7dce251207f6e6d3b3aa4a25f65d0fd9b Mon Sep 17 00:00:00 2001 From: Dan Helfman Date: Mon, 30 Nov 2020 22:14:28 -0800 Subject: [PATCH] Update systemd service example to return a permission error when a system call isn't permitted. --- NEWS | 2 ++ sample/systemd/borgmatic.service | 1 + 2 files changed, 3 insertions(+) diff --git a/NEWS b/NEWS index 67b008b01..099e4e3c9 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,7 @@ 1.5.13.dev0 * #373: Document that passphrase is used for Borg keyfile encryption, not just repokey encryption. + * Update systemd service example to return a permission error when a system call isn't permitted + (instead of terminating borgmatic outright). * Drop support for Python 3.5, which has been end-of-lifed. * Update versions of test dependencies (test_requirements.txt and test containers). * Only support black code formatter on Python 3.8+. New black dependencies make installation diff --git a/sample/systemd/borgmatic.service b/sample/systemd/borgmatic.service index 89807b481..c4c533f93 100644 --- a/sample/systemd/borgmatic.service +++ b/sample/systemd/borgmatic.service @@ -29,6 +29,7 @@ RestrictRealtime=yes RestrictSUIDSGID=yes SystemCallArchitectures=native SystemCallFilter=@system-service +SystemCallErrorNumber=EPERM # Restrict write access # Change to 'ProtectSystem=strict' and uncomment 'ProtectHome' to make the whole file # system read-only be default and uncomment 'ReadWritePaths' for the required write access.