summaryrefslogtreecommitdiffstats
path: root/roles/common/files/etc/systemd/system
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common/files/etc/systemd/system')
-rw-r--r--roles/common/files/etc/systemd/system/bacula-fd.service3
-rw-r--r--roles/common/files/etc/systemd/system/stunnel4@.service3
2 files changed, 2 insertions, 4 deletions
diff --git a/roles/common/files/etc/systemd/system/bacula-fd.service b/roles/common/files/etc/systemd/system/bacula-fd.service
index ee5afe3..68934f1 100644
--- a/roles/common/files/etc/systemd/system/bacula-fd.service
+++ b/roles/common/files/etc/systemd/system/bacula-fd.service
@@ -12,9 +12,8 @@ ExecStart=/usr/sbin/bacula-fd -c /etc/bacula/bacula-fd.conf
NoNewPrivileges=yes
PrivateDevices=yes
ProtectHome=read-only
-ProtectSystem=full
+ProtectSystem=strict
PrivateTmp=yes
-ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib
ReadWriteDirectories=-/var/run/bacula
diff --git a/roles/common/files/etc/systemd/system/stunnel4@.service b/roles/common/files/etc/systemd/system/stunnel4@.service
index e53d29e..d634e50 100644
--- a/roles/common/files/etc/systemd/system/stunnel4@.service
+++ b/roles/common/files/etc/systemd/system/stunnel4@.service
@@ -16,8 +16,7 @@ Restart=on-failure
NoNewPrivileges=yes
PrivateDevices=yes
ProtectHome=yes
-ProtectSystem=full
-ReadOnlyDirectories=/
+ProtectSystem=strict
[Install]
WantedBy=multi-user.target
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-04 11:18:53 +0000