From: Bastian Blank <waldi@debian.org>
Date: Fri, 3 Feb 2017 17:24:42 +0000 (+0100)
Subject: Allow rsyncd to access /home read-only
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=ca0099049ce4d0cfae9367cc6bad31aa2bc818aa;p=mirror%2Fdsa-puppet.git

Allow rsyncd to access /home read-only
---

diff --git a/modules/rsync/templates/systemd-rsyncd.service.erb b/modules/rsync/templates/systemd-rsyncd.service.erb
index 7a5b82840..2a21d6508 100644
--- a/modules/rsync/templates/systemd-rsyncd.service.erb
+++ b/modules/rsync/templates/systemd-rsyncd.service.erb
@@ -8,5 +8,5 @@ StandardError=journal
 CapabilityBoundingSet=CAP_SYS_CHROOT CAP_SETUID CAP_SETGID
 PrivateDevices=true
 PrivateNetwork=true
-ProtectHome=true
+ProtectHome=read-only
 ProtectSystem=full