summaryrefslogtreecommitdiffstats
path: root/roles/bacula-dir/files/etc/systemd/system/bacula-director.service
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2018-12-08 01:06:06 +0100
committerGuilhem Moulin <guilhem@fripost.org>2018-12-09 20:25:39 +0100
commit6a57ea01fd48992883d6dac1b7746e79202215e4 (patch)
treef55ae891ecf05aa19511ce1493ae8631f60826bc /roles/bacula-dir/files/etc/systemd/system/bacula-director.service
parentbccbd0d4c0faf46e911284e599cc22da2c9b04d9 (diff)
systemd: Replace ‘ProtectSystem=full’ with ‘ProtectSystem=strict’.
And remove ‘ReadOnlyDirectories=/’ as it's implied by ‘ProtectSystem=strict’.
Diffstat (limited to 'roles/bacula-dir/files/etc/systemd/system/bacula-director.service')
-rw-r--r--roles/bacula-dir/files/etc/systemd/system/bacula-director.service3
1 files changed, 1 insertions, 2 deletions
diff --git a/roles/bacula-dir/files/etc/systemd/system/bacula-director.service b/roles/bacula-dir/files/etc/systemd/system/bacula-director.service
index 8f952c6..2c09f61 100644
--- a/roles/bacula-dir/files/etc/systemd/system/bacula-director.service
+++ b/roles/bacula-dir/files/etc/systemd/system/bacula-director.service
@@ -1,24 +1,23 @@
[Unit]
Description=Bacula Director service
After=network.target
[Service]
Type=forking
PIDFile=/var/run/bacula/bacula-dir.9101.pid
StandardOutput=syslog
User=bacula
Group=bacula
ExecStart=/usr/sbin/bacula-dir -c /etc/bacula/bacula-dir.conf
# Hardening
NoNewPrivileges=yes
PrivateDevices=yes
ProtectHome=yes
-ProtectSystem=full
-ReadOnlyDirectories=/
+ProtectSystem=strict
ReadWriteDirectories=-/var/lib/bacula
ReadWriteDirectories=-/var/log/bacula
ReadWriteDirectories=-/var/run/bacula
[Install]
WantedBy=multi-user.target
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-18 16:44:09 +0000