Update systemd service example to return a permission error when a system call isn't permitted.
This commit is contained in:
parent
ad7198ba66
commit
8fde19a7dc
2 changed files with 3 additions and 0 deletions
2
NEWS
2
NEWS
|
@ -1,5 +1,7 @@
|
||||||
1.5.13.dev0
|
1.5.13.dev0
|
||||||
* #373: Document that passphrase is used for Borg keyfile encryption, not just repokey encryption.
|
* #373: Document that passphrase is used for Borg keyfile encryption, not just repokey encryption.
|
||||||
|
* Update systemd service example to return a permission error when a system call isn't permitted
|
||||||
|
(instead of terminating borgmatic outright).
|
||||||
* Drop support for Python 3.5, which has been end-of-lifed.
|
* Drop support for Python 3.5, which has been end-of-lifed.
|
||||||
* Update versions of test dependencies (test_requirements.txt and test containers).
|
* Update versions of test dependencies (test_requirements.txt and test containers).
|
||||||
* Only support black code formatter on Python 3.8+. New black dependencies make installation
|
* Only support black code formatter on Python 3.8+. New black dependencies make installation
|
||||||
|
|
|
@ -29,6 +29,7 @@ RestrictRealtime=yes
|
||||||
RestrictSUIDSGID=yes
|
RestrictSUIDSGID=yes
|
||||||
SystemCallArchitectures=native
|
SystemCallArchitectures=native
|
||||||
SystemCallFilter=@system-service
|
SystemCallFilter=@system-service
|
||||||
|
SystemCallErrorNumber=EPERM
|
||||||
# Restrict write access
|
# Restrict write access
|
||||||
# Change to 'ProtectSystem=strict' and uncomment 'ProtectHome' to make the whole file
|
# Change to 'ProtectSystem=strict' and uncomment 'ProtectHome' to make the whole file
|
||||||
# system read-only be default and uncomment 'ReadWritePaths' for the required write access.
|
# system read-only be default and uncomment 'ReadWritePaths' for the required write access.
|
||||||
|
|
Loading…
Reference in a new issue