psw/borgmatic
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add comment about MemoryDenyWriteExecute value and the tradeoffs thereof.

Browse source
This commit is contained in:
Dan Helfman 2020-08-23 14:11:19 -07:00
parent 32a93ce8a2
commit 9b83fcbf06
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sample/systemd/borgmatic.service
View file

@ -11,6 +11,8 @@ Type=oneshot
# For more details about this settings check the systemd manuals # For more details about this settings check the systemd manuals
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html # https://www.freedesktop.org/software/systemd/man/systemd.exec.html
LockPersonality=true LockPersonality=true
# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
# But you can try setting it to "yes" for improved security if you don't use those features.
MemoryDenyWriteExecute=no MemoryDenyWriteExecute=no
NoNewPrivileges=yes NoNewPrivileges=yes
PrivateDevices=yes PrivateDevices=yes