projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
decomission piu-slave-bm-a RT#7979
[mirror/dsa-puppet.git] / modules / rsync / templates / systemd-rsyncd.service.erb
diff --git a/modules/rsync/templates/systemd-rsyncd.service.erb b/modules/rsync/templates/systemd-rsyncd.service.erb
index 7a5b828..5ecc685 100644 (file)
--- a/modules/rsync/templates/systemd-rsyncd.service.erb
+++ b/modules/rsync/templates/systemd-rsyncd.service.erb
@@ -5,8 +5,8 @@ Description=rsync daemon <%= @name %>
 ExecStart=-/usr/bin/rsync --daemon --config=<%= @fname_real_rsync %>
 StandardInput=socket
 StandardError=journal
-CapabilityBoundingSet=CAP_SYS_CHROOT CAP_SETUID CAP_SETGID
+CapabilityBoundingSet=CAP_SYS_CHROOT CAP_SETUID CAP_SETGID CAP_DAC_READ_SEARCH
 PrivateDevices=true
 PrivateNetwork=true
-ProtectHome=true
+ProtectHome=read-only
 ProtectSystem=full
Unnamed repository; edit this file 'description' to name the repository.