Allow rsyncd to access /home read-only

author Bastian Blank <waldi@debian.org>

Fri, 3 Feb 2017 17:24:42 +0000 (18:24 +0100)

committer Bastian Blank <waldi@debian.org>

Fri, 3 Feb 2017 17:24:42 +0000 (18:24 +0100)
author Bastian Blank <waldi@debian.org>
Fri, 3 Feb 2017 17:24:42 +0000 (18:24 +0100)
committer Bastian Blank <waldi@debian.org>
Fri, 3 Feb 2017 17:24:42 +0000 (18:24 +0100)
diff --git a/modules/rsync/templates/systemd-rsyncd.service.erb b/modules/rsync/templates/systemd-rsyncd.service.erb

index 7a5b828..2a21d65 100644 (file)
--- a/modules/rsync/templates/systemd-rsyncd.service.erb
+++ b/modules/rsync/templates/systemd-rsyncd.service.erb
@@ -8,5 +8,5 @@ StandardError=journal
  CapabilityBoundingSet=CAP_SYS_CHROOT CAP_SETUID CAP_SETGID
  PrivateDevices=true
  PrivateNetwork=true
-ProtectHome=true
+ProtectHome=read-only
  ProtectSystem=full
author	Bastian Blank <waldi@debian.org>
	Fri, 3 Feb 2017 17:24:42 +0000 (18:24 +0100)
committer	Bastian Blank <waldi@debian.org>
	Fri, 3 Feb 2017 17:24:42 +0000 (18:24 +0100)