Add comment about MemoryDenyWriteExecute value and the tradeoffs thereof.
This commit is contained in:
parent
32a93ce8a2
commit
9b83fcbf06
1 changed files with 2 additions and 0 deletions
|
@ -11,6 +11,8 @@ Type=oneshot
|
||||||
# For more details about this settings check the systemd manuals
|
# For more details about this settings check the systemd manuals
|
||||||
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||||
LockPersonality=true
|
LockPersonality=true
|
||||||
|
# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
|
||||||
|
# But you can try setting it to "yes" for improved security if you don't use those features.
|
||||||
MemoryDenyWriteExecute=no
|
MemoryDenyWriteExecute=no
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
PrivateDevices=yes
|
PrivateDevices=yes
|
||||||
|
|
Loading…
Reference in a new issue