aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian Schlichting <fsfs@debian.org>2015-08-11 19:00:21 +0200
committerMax Kellermann <max@duempel.org>2015-08-11 19:00:21 +0200
commit5d13c13821870206eab1c8ef19b89ff5cfe1e1d4 (patch)
tree55067ca2197f16b8eb70beb888618c432c1f82f7
parent21ef656e24f421f92a14460791376d8121fedc3a (diff)
downloadmpd-5d13c13821870206eab1c8ef19b89ff5cfe1e1d4.tar.gz
mpd-5d13c13821870206eab1c8ef19b89ff5cfe1e1d4.tar.xz
mpd-5d13c13821870206eab1c8ef19b89ff5cfe1e1d4.zip
systemd: protect /usr when running under systemd
-rw-r--r--systemd/mpd.service.in3
1 files changed, 3 insertions, 0 deletions
diff --git a/systemd/mpd.service.in b/systemd/mpd.service.in
index bb7b5802a..c4600406d 100644
--- a/systemd/mpd.service.in
+++ b/systemd/mpd.service.in
@@ -19,6 +19,9 @@ ControlGroup=cpu:/mpd
# assign a real-time budget
ControlGroupAttribute=cpu.rt_runtime_us 500000
+# disallow writing to /usr, /bin, /sbin, ...
+ProtectSystem=yes
+
[Install]
WantedBy=multi-user.target
Also=mpd.socket