diff options
author | Florian Schlichting <fsfs@debian.org> | 2015-08-11 19:00:21 +0200 |
---|---|---|
committer | Max Kellermann <max@duempel.org> | 2015-08-11 19:00:21 +0200 |
commit | 5d13c13821870206eab1c8ef19b89ff5cfe1e1d4 (patch) | |
tree | 55067ca2197f16b8eb70beb888618c432c1f82f7 | |
parent | 21ef656e24f421f92a14460791376d8121fedc3a (diff) | |
download | mpd-5d13c13821870206eab1c8ef19b89ff5cfe1e1d4.tar.gz mpd-5d13c13821870206eab1c8ef19b89ff5cfe1e1d4.tar.xz mpd-5d13c13821870206eab1c8ef19b89ff5cfe1e1d4.zip |
systemd: protect /usr when running under systemd
-rw-r--r-- | systemd/mpd.service.in | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/systemd/mpd.service.in b/systemd/mpd.service.in index bb7b5802a..c4600406d 100644 --- a/systemd/mpd.service.in +++ b/systemd/mpd.service.in @@ -19,6 +19,9 @@ ControlGroup=cpu:/mpd # assign a real-time budget ControlGroupAttribute=cpu.rt_runtime_us 500000 +# disallow writing to /usr, /bin, /sbin, ... +ProtectSystem=yes + [Install] WantedBy=multi-user.target Also=mpd.socket |