summaryrefslogtreecommitdiffstats
path: root/roles/common/files/etc/systemd/system/bacula-fd.service
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common/files/etc/systemd/system/bacula-fd.service')
-rw-r--r--roles/common/files/etc/systemd/system/bacula-fd.service5
1 files changed, 5 insertions, 0 deletions
diff --git a/roles/common/files/etc/systemd/system/bacula-fd.service b/roles/common/files/etc/systemd/system/bacula-fd.service
index 192ea1b..792d964 100644
--- a/roles/common/files/etc/systemd/system/bacula-fd.service
+++ b/roles/common/files/etc/systemd/system/bacula-fd.service
@@ -1,20 +1,25 @@
[Unit]
Description=Bacula File Daemon service
After=network.target
[Service]
Type=simple
StandardOutput=syslog
ExecStart=/usr/sbin/bacula-fd -f -c /etc/bacula/bacula-fd.conf
# Hardening
NoNewPrivileges=yes
PrivateDevices=yes
ProtectHome=read-only
ProtectSystem=strict
PrivateTmp=yes
ReadWriteDirectories=-/var/lib
ReadWriteDirectories=-/var/run/bacula
+PrivateDevices=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
[Install]
WantedBy=multi-user.target
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-17 21:40:33 +0000