From ca0099049ce4d0cfae9367cc6bad31aa2bc818aa Mon Sep 17 00:00:00 2001
From: Bastian Blank <waldi@debian.org>
Date: Fri, 3 Feb 2017 18:24:42 +0100
Subject: [PATCH] Allow rsyncd to access /home read-only

---
 modules/rsync/templates/systemd-rsyncd.service.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/rsync/templates/systemd-rsyncd.service.erb b/modules/rsync/templates/systemd-rsyncd.service.erb
index 7a5b82840..2a21d6508 100644
--- a/modules/rsync/templates/systemd-rsyncd.service.erb
+++ b/modules/rsync/templates/systemd-rsyncd.service.erb
@@ -8,5 +8,5 @@ StandardError=journal
 CapabilityBoundingSet=CAP_SYS_CHROOT CAP_SETUID CAP_SETGID
 PrivateDevices=true
 PrivateNetwork=true
-ProtectHome=true
+ProtectHome=read-only
 ProtectSystem=full
-- 
2.20.1