From 6a57ea01fd48992883d6dac1b7746e79202215e4 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sat, 8 Dec 2018 01:06:06 +0100
Subject: =?UTF-8?q?systemd:=20Replace=20=E2=80=98ProtectSystem=3Dfull?=
 =?UTF-8?q?=E2=80=99=20with=20=E2=80=98ProtectSystem=3Dstrict=E2=80=99.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

And remove ‘ReadOnlyDirectories=/’ as it's implied by ‘ProtectSystem=strict’.
---
 roles/common/files/etc/systemd/system/bacula-fd.service | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'roles/common/files/etc/systemd/system/bacula-fd.service')

diff --git a/roles/common/files/etc/systemd/system/bacula-fd.service b/roles/common/files/etc/systemd/system/bacula-fd.service
index ee5afe3..68934f1 100644
--- a/roles/common/files/etc/systemd/system/bacula-fd.service
+++ b/roles/common/files/etc/systemd/system/bacula-fd.service
@@ -12,9 +12,8 @@ ExecStart=/usr/sbin/bacula-fd -c /etc/bacula/bacula-fd.conf
 NoNewPrivileges=yes
 PrivateDevices=yes
 ProtectHome=read-only
-ProtectSystem=full
+ProtectSystem=strict
 PrivateTmp=yes
-ReadOnlyDirectories=/
 ReadWriteDirectories=-/var/lib
 ReadWriteDirectories=-/var/run/bacula
 
-- 
cgit v1.2.3