blob: e4ed970c8dcd750c4c4d3035c259040ed55f212c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[Unit]
# Hardening
NoNewPrivileges=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=strict
ReadWriteDirectories=-/var/lib/bacula
ReadWriteDirectories=/mnt/backup/bacula
PrivateDevices=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_INET AF_INET6
|